Recommend this page to a friend! |
Simple Authentication and Security Layer | > | All threads | > | Return Information | > | (Un) Subscribe thread alerts |
|
1 - 10 | 11 - 18 |
Michael - 2006-06-16 15:05:02
I am currently testing SASL in a PHP script against a Squid Proxy Server. No matter what I put in the userid or password data, I seem to get a good return. How can I test to see if auth passed Squid or not? There is no remote_user var set.
All of the settings for SASL remain as they were in the scipt except for the domain name, ProxyHostName (there is an IP address there), ProxyUser, ProxyPassword, and ProxyRealm. Mike
Manuel Lemos - 2006-06-16 17:05:29 - In reply to message 1 from Michael
I am not sure what you mean.
The SASL package is not useful by itself. It should be used in conjunction with a client of a protocol that requires authentication mechanisms supported by the SASL package. For HTTP, you may want to try the HTTP client class. It supports proxies and uses the SASL package for authentication. phpclasses.org/httpclient
Michael - 2006-06-16 17:13:49 - In reply to message 2 from Manuel Lemos
Using your test_http.php, I changed the vars in it to authenticate against our Squid Proxy Server. No matter what I send it comes back the same way. There is no way for me to know if it failed or succeeded. What indicate is there that it failed? It seems the only error returned is if the script itself fails. How can I know if authentication failed?
Apologies for not being clearer. Thanks. Mike
Manuel Lemos - 2006-06-16 17:41:55 - In reply to message 3 from Michael
If authentication fails, the response_status variable is 407 for proxy authentication failure or 401 for remote server authentication failure.
In any case, enable debugging output to let you see what the proxy or remote server returns.
Michael - 2006-06-16 17:53:45 - In reply to message 4 from Manuel Lemos
No matter what I enter, good or bad userid, I always get the following.
Response status code: 200 Is there a var in the PHP script that will tell me different? I am sure it is something that I am doing wrong as I am new at this. I just do not know what it is that i am doing wrong! Thanks. Mike
Michael - 2006-06-16 17:55:20 - In reply to message 5 from Michael
Oh, I forgot to mention that debug is always set on.
/* Output debugging information about the progress of the connection */ $http->debug=1; /* Format dubug output to display with HTML pages */ $http->html_debug=1; And I can see that the Squid server is being queried. Mike
Manuel Lemos - 2006-06-16 18:43:03 - In reply to message 5 from Michael
Probably the server is redirecting to a common page when the user access is denied.
It is hard to tell without seeing the HTTP dialog.
Michael - 2006-06-16 21:43:12 - In reply to message 7 from Manuel Lemos
I will copy and paste the results when I get back to work on Monday. What you said sounds very logical. Hopefully that will be a quick fix and it will be working!
Thanks for your help. Mike
Michael - 2006-06-19 13:14:13 - In reply to message 8 from Michael
Here is the output from your test script. Thanks for the help.
Mike Test for Manuel Lemos' PHP HTTP class * Opening connection to: 10.10.0.14 Connecting to 10.10.0.14 Connecting to HTTP server IP 10.10.0.89... Connected to 10.10.0.89 * Sending request for page: /mysource.shoremortgage.com/ Login: userid Password: ********* C GET http://10.10.0.14/mysource.shoremortgage.com/ HTTP/1.1 C Host: 10.10.0.14 C User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) C Pragma: nocache C * Request: GET http://10.10.0.14/mysource.shoremortgage.com/ HTTP/1.1 * Request headers: Host: 10.10.0.14 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) Pragma: nocache S HTTP/1.0 200 OK S Date: Mon, 19 Jun 2006 13:06:28 GMT S Server: Apache/2.0.55 (Ubuntu) PHP/5.1.4-1.dotdeb.2 mod_ssl/2.0.55 OpenSSL/0.9.8a S X-Powered-By: PHP/5.1.4-1.dotdeb.2 S Set-Cookie: PHPSESSID=a80246dc4e6dc8d41a36920dd62a3689; path=/ S Expires: Thu, 19 Nov 1981 08:52:00 GMT S Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 S Pragma: no-cache S Content-Length: 1800 S Content-Type: text/html; charset=ISO-8859-1 S X-Cache: MISS from squid.shoremortgage.com S X-Cache-Lookup: MISS from squid.shoremortgage.com:3128 S Proxy-Connection: close S * Response status code: 200 * Response headers: http/1.0 200 ok: date: Mon, 19 Jun 2006 13:06:28 GMT server: Apache/2.0.55 (Ubuntu) PHP/5.1.4-1.dotdeb.2 mod_ssl/2.0.55 OpenSSL/0.9.8a x-powered-by: PHP/5.1.4-1.dotdeb.2 set-cookie: PHPSESSID=a80246dc4e6dc8d41a36920dd62a3689; path=/ expires: Thu, 19 Nov 1981 08:52:00 GMT cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 pragma: no-cache content-length: 1800 content-type: text/html; charset=ISO-8859-1 x-cache: MISS from squid.shoremortgage.com x-cache-lookup: MISS from squid.shoremortgage.com:3128 proxy-connection: close * Response body: S remote-user=server remote-user= REQUEST Array ( ) SERVER Array ( [nokeepalive] => 1 [ssl-unclean-shutdown] => 1 [downgrade-1_0] => 1 [force-response-1_0] => 1 [HTTP_HOST] => 10.10.0.14 [HTTP_USER_AGENT] => Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) [HTTP_PRAGMA] => nocache [HTTP_VIA] => 1.1 squid.shoremortgage.com:3128 (squid/2.5.STABLE12) [HTTP_X_FORWARDED_FOR] => unknown [HTTP_CACHE_CONTROL] => max-age=259200 [HTTP_CONNECTION] => keep-alive [PATH] => /usr/local/bin:/usr/bin:/bin [SERVER_SIGNATURE] => Apache/2.0.55 (Ubuntu) PHP/5.1.4-1.dotdeb.2 mod_ssl/2.0.55 OpenSSL/0.9.8a Server at 10.10.0.14 Port 80 [SERVER_SOFTWARE] => Apache/2.0.55 (Ubuntu) PHP/5.1.4-1.dotdeb.2 mod_ssl/2.0.55 OpenSSL/0.9.8a [SERVER_NAME] => 10.10.0.14 [SERVER_ADDR] => 10.10.0.14 [SERVER_PORT] => 80 [REMOTE_ADDR] => 10.10.0.89 [DOCUMENT_ROOT] => /var/www/htdocs [SERVER_ADMIN] => mavila@shoremortg <P>remote-user=server remote-user=<P>REQUEST<P>Array ( ) <P>SERVER<P>Array ( [nokeepalive] => 1 [ssl-unclean-shutdown] => 1 [downgrade-1_0] => 1 [force-response-1_0] => 1 [HTTP_HOST] => 10.10.0.14 [HTTP_USER_AGENT] => Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) [HTTP_PRAGMA] => nocache [HTTP_VIA] => 1.1 squid.shoremortgage.com:3128 (squid/2.5.STABLE12) [HTTP_X_FORWARDED_FOR] => unknown [HTTP_CACHE_CONTROL] => max-age=259200 [HTTP_CONNECTION] => keep-alive [PATH] => /usr/local/bin:/usr/bin:/bin [SERVER_SIGNATURE] => <address>Apache/2.0.55 (Ubuntu) PHP/5.1.4-1.dotdeb.2 mod_ssl/2.0.55 OpenSSL/0.9.8a Server at 10.10.0.14 Port 80</address> [SERVER_SOFTWARE] => Apache/2.0.55 (Ubuntu) PHP/5.1.4-1.dotdeb.2 mod_ssl/2.0.55 OpenSSL/0.9.8a [SERVER_NAME] => 10.10.0.14 [SERVER_ADDR] => 10.10.0.14 [SERVER_PORT] => 80 [REMOTE_ADDR] => 10.10.0.89 [DOCUMENT_ROOT] => /var/www/htdocs [SERVER_ADMIN] => mavila@shoremortgS age.com [SCRIPT_FILENAME] => /var/www/htdocs/mysource.shoremortgage.com/index.php [REMOTE_PORT] => 56653 [GATEWAY_INTERFACE] => CGI/1.1 [SERVER_PROTOCOL] => HTTP/1.0 [REQUEST_METHOD] => GET [QUERY_STRING] => [REQUEST_URI] => /mysource.shoremortgage.com/ [SCRIPT_NAME] => /mysource.shoremortgage.com/index.php [PHP_SELF] => /mysource.shoremortgage.com/index.php [REQUEST_TIME] => 1150722388 [argv] => Array ( ) [argc] => 0 ) Enter your ID Enter your password age.com [SCRIPT_FILENAME] => /var/www/htdocs/mysource.shoremortgage.com/index.php [REMOTE_PORT] => 56653 [GATEWAY_INTERFACE] => CGI/1.1 [SERVER_PROTOCOL] => HTTP/1.0 [REQUEST_METHOD] => GET [QUERY_STRING] => [REQUEST_URI] => /mysource.shoremortgage.com/ [SCRIPT_NAME] => /mysource.shoremortgage.com/index.php [PHP_SELF] => /mysource.shoremortgage.com/index.php [REQUEST_TIME] => 1150722388 [argv] => Array ( ) [argc] => 0 ) <HTML><HEAD><TITLE>NTLM Authentication</TITLE></HEAD><BODY><FORM METHOD='Post' ACTION='index.php'><P>Enter your ID <INPUT TYPE='TEXT' NAME='userid'><P>Enter your password <INPUT TYPE='Password' NAME='password'><INPUT TYPE='Hidden' NAME='step' value=2><P><INPUT TYPE='Submit' VALUE='Login'></FORM></BODY></HTML> Disconnected from 10.10.0.14
Manuel Lemos - 2006-06-19 18:42:01 - In reply to message 9 from Michael
Is it my impression, or the actual authentication appears in the site pages, rather than the usual browser authentication window?
If it is the case, that is not HTTP authentication. You would need to parse the page to get the authentication form field names and submit your credentials using an HTTP POST request with this class. |
1 - 10 | 11 - 18 |
info at phpclasses dot org
.