Ping a Specific Port

Question

Chris

Asked: 2010-09-18 06:29:30 +0800 CST2010-09-18 06:29:30 +0800 CST 2010-09-18 06:29:30 +0800 CST

.htaccess requires password in chrome but not other browsers?

772

We have .htaccess on our site http://subdomain.site.com/:

AuthType Kerberos
AuthName "Internet ID"

require valid-user

order deny,allow
deny from all
allow from all

On a sub directory of the site, http://subdomain.site.com/subdirectory/ we have an .htaccess:

AuthType none
Satisfy any

The reason is that on this subdirectory/ we have a different authentication mechanism and do not want to use kerberos as authentication. The problem though is that in chrome the .htaccess authentication still pops up but firefox, opera, IE do not prompt for this authentication before loading the page.

I am having trouble understanding how a server side configuration could be presented to the end user differently depending on the browser? Is there something in my subdirectry .htaccess that I am missing ?

3 Answers

Voted

Mark Wagner · Answer 1 · 2010-09-18T10:27:31+08:00

Best Answer

Mark Wagner

2010-09-18T10:27:31+08:002010-09-18T10:27:31+08:00

I just reproduced this. Chrome is requesting /favicon.ico and gets a HTTP/1.1 401 Authorization Required. Other browsers ignore it. Chrome presents a auth dialog box. Try adding this to your .htaccess on your site http://subdomain.site.com/

<Files "favicon.ico">
    AuthType none
    Satisfy any
</Files>

Here is the bug... http://code.google.com/p/chromium/issues/detail?id=12876 ...pretty bad.

5

user57053 · Answer 2 · 2010-10-14T12:42:58+08:00

user57053

2010-10-14T12:42:58+08:002010-10-14T12:42:58+08:00

When using chrome, you have to pass arguments to it on the command line to get www-negotiate to work. Specifically, you have to whitelist the hostname(s) (FQDN(s)) of the kerberos-enable webserver(s). From http://www.chromium.org/developers/design-documents/http-authentication :

google-chrome --auth-server-whitelist="*example.com,*foobar.com,*baz"

If you want force only gssapi and not use basic auth:

google-chrome --auth-schemes="negotiate"

See the above link for more info.

1

gabbelduck · Answer 3 · 2010-09-18T08:38:43+08:00

gabbelduck

2010-09-18T08:38:43+08:002010-09-18T08:38:43+08:00

At a guess, the most likely reason is that Chrome does not support Kerberos, or does not support it in the same way as the other three browsers do. Likely all users are being authenticated, the server is still requiring authentication (not doing what you think it is exactly) - but the browsers that support kerberos are doing it transparently.

I'd say set apache to log usernames in the access log, and see if the hits from the other browsers are being allowed in by username or not... and go from there.

0

.htaccess requires password in chrome but not other browsers?

Ping a Specific Port

How do I tell Git for Windows where to find my private RSA key?

How do you restart php-fpm?

What's the default superuser username/password for postgres after a new install?

What port does SFTP use?

Resolve host name from IP address

How can I sort du -h output by size

Command line to list users in a Windows Active Directory group?

What is a Pem file and how does it differ from other OpenSSL Generated Key File Formats?

How to determine if a bash variable is empty?