Added password logic, now can't get the Authorization: check to trigger

Cole, Timothy D. timothy_d_cole at md.northgrum.com
Wed Jul 26 14:37:02 GMT 2000


> -----Original Message-----
> From:	Steve Langasek [SMTP:vorlon at netexpress.net]
> Sent:	Wednesday, July 26, 2000 10:11
> To:	Ron Alexander
> Cc:	Samba-Technical
> Subject:	Re: Added password logic, now can't get the Authorization:
> check to trigger
> 
> On Wed, 26 Jul 2000, Ron Alexander wrote:
> 
> > >From the cgi.log
> 
> > [Date: Wed, 26 Jul 2000 08:55:50 edt   24.66.96.61.on.wave.home.com
> > (24.66.96.61)]
> > GET / HTTP/1.1
> > Accept: */*
> > Accept-Language: en-ca
> > Accept-Encoding: gzip, deflate
> > User-Agent: Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 4.0;
> AtHome0101)
> > Host: 134.111.220.160:901
> > Connection: Keep-Alive
> 
> > [Date: Wed, 26 Jul 2000 08:56:28 edt   24.66.96.61.on.wave.home.com
> > (24.66.96.61)]
> > GET / HTTP/1.1
> > Accept: */*
> > Accept-Language: en-ca
> > Accept-Encoding: gzip, deflate
> > User-Agent: Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 4.0;
> AtHome0101)
> > Host: 134.111.220.160:901
> > Connection: Keep-Alive
> > Authorization: Basic cm9vdDpyb290			<<<<<<<<<<<<<
> shouldn't this trigger the
> > code above?
> 
> > BTW, what the heck is the cm9vdDpyb290 anyway?
> 
> 'cm9vdDpyb290' should be the obfuscated (not encrypted) password being
> used
> for authentication.  I'm curious that there's no username listed on that
> line.
> I could easily be mistaken, but I thought the syntax is
>   Authorization: <type> <user> <pass>
> 
> Your other logs from swat corroborate this, as it seems to be trying all
> your
> share names looking for a username it can use with that password..?
> 
	IIRC, for the Basic authorization type, the authentication token is
in the form "user:pass", and then base-64 encoded.




More information about the samba-technical mailing list