39680 – mod_proxy opens connections that disturb NTLM

Bug 39680 - mod_proxy opens connections that disturb NTLM

Summary: mod_proxy opens connections that disturb NTLM

Status:	RESOLVED DUPLICATE of bug 39673

Alias:	None

Product:	Apache httpd-2
Classification:	Unclassified
Component:	mod_proxy (show other bugs)
Version:	2.2.0
Hardware:	Sun Solaris

Importance:	P2 normal (vote)
Target Milestone:	---
Assignee:	Apache HTTPD Bugs Mailing List

URL:	http://alsaha2.fares.net/sahat/.ee6b2ff
Keywords:

Depends on:
Blocks:

Reported:	2006-05-30 06:23 UTC by Olivier BOEL
Modified:	2008-02-16 05:26 UTC (History)
CC List:	0 users

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Olivier BOEL 2006-05-30 06:23:45 UTC

The following configuration works fine with Apache 2.0 :
- client : IE + Windows XP
- Reverse Proxy : Apache 2.0 running on solaris 9
- IIS (Windows) server with NTLM authentication enabled
When a protected page (via ACL on the IIS server) is accessed by the 
client, thanks to Windows integrated authentication, the page is 
displayed with any user intervention (user identification prompt).

Since Apache 2.2, user receives an identification prompt and, although 
the username/password he enters are correct, he is not authorized.

Looking at the network traffic, it seems that the NTLM authentication 
process is made of 3 requests.
Between the client and the RP, they use a single connection (same 
port).
Between the RP and the IIS server, they use a single connection if the 
RP is running on Apache 2.0; however, with Apache 2.2, the 3 requests 
use 3 different connections (3 ports), which make NTLM fail.
This problem is reproductible at will.
I tried the "ProxyPass keepalive=On" directive but it didn't help.


Is there a workaround?

Comment 1 Ruediger Pluem 2006-05-30 19:54:32 UTC


*** This bug has been marked as a duplicate of 39673 ***