FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Redhat > Red Hat Linux

 
 
LinkBack Thread Tools
 
Old 07-30-2008, 08:41 PM
 
Default credential files

Does anyone have any idea how a browser recognizes that a cite is asking for a credential file, and hands it back to it?

For example, I go to a site, and firefox suddenly says "this sites wants a credential - is this the credential that you want to give it?" I've used a plugin that shows me http headers and responses, and see nothing where that happens.

Links? Pointers? Clues for the poor?

mark

--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
 
Old 07-31-2008, 04:39 AM
"Chet Nichols III"
 
Default credential files

It almost sounds like it's a site you previously visited and used HTTP basic
authentication to access, and hit a checkbox to 'remember this information'.
So, you're visiting it again, Firefox goes "oh cool I have this login
information from the last time", and asks if you want to use the previous
information.. meaning, it's just something stored client side. If you hit
"yes", it will send an Authentication: Basic <base64-coded-login> header
along with the request.
Do you see any of that, or think that might be what's going on? Talk to you
soon!

Chet

On Wed, Jul 30, 2008 at 4:41 PM, <m.roth2006@rcn.com> wrote:

> Does anyone have any idea how a browser recognizes that a cite is asking
> for a credential file, and hands it back to it?
>
> For example, I go to a site, and firefox suddenly says "this sites wants a
> credential - is this the credential that you want to give it?" I've used a
> plugin that shows me http headers and responses, and see nothing where that
> happens.
>
> Links? Pointers? Clues for the poor?
>
> mark
>
> --
> redhat-list mailing list
> unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
> https://www.redhat.com/mailman/listinfo/redhat-list
>



--
----------------------------------------
chet nichols III
chet.nichols@gmail.com
aim: chet / twitter: chet
http://chetnichols.org
----------------------------------------
--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
 
Old 07-31-2008, 08:44 AM
Nigel Wade
 
Default credential files

m.roth2006@rcn.com wrote:

Does anyone have any idea how a browser recognizes that a cite is asking for a
credential file, and hands it back to it?

For example, I go to a site, and firefox suddenly says "this sites wants a credential -
is this the credential that you want to give it?" I've used a plugin that shows me http
headers and responses, and see nothing where that happens.

Links? Pointers? Clues for the poor?


What sort of credentials are you talking about? Is this SSL (https) with client
certificate verification? If so it's part of the initial SSL handshake. The server asks
the client to prove that it is who it says it is by supplying a valid, authenticated,
certificate.


--
Nigel Wade, System Administrator, Space Plasma Physics Group,
University of Leicester, Leicester, LE1 7RH, UK
E-mail : nmw@ion.le.ac.uk
Phone : +44 (0)116 2523548, Fax : +44 (0)116 2523555

--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
 
Old 07-31-2008, 12:46 PM
mark
 
Default credential files

Chet Nichols III wrote:
> On Wed, Jul 30, 2008 at 4:41 PM, <m.roth2006@rcn.com> wrote:
>
>> Does anyone have any idea how a browser recognizes that a cite is asking
>> for a credential file, and hands it back to it?
>>
>> For example, I go to a site, and firefox suddenly says "this sites wants a
>> credential - is this the credential that you want to give it?" I've used a
>> plugin that shows me http headers and responses, and see nothing where that
>> happens.
>>
>> Links? Pointers? Clues for the poor?
c
> It almost sounds like it's a site you previously visited and used HTTP basic
> authentication to access, and hit a checkbox to 'remember this information'.
> So, you're visiting it again, Firefox goes "oh cool I have this login
> information from the last time", and asks if you want to use the previous
> information.. meaning, it's just something stored client side. If you hit
> "yes", it will send an Authentication: Basic <base64-coded-login> header
> along with the request.
> Do you see any of that, or think that might be what's going on? Talk to you
> soon!

No, There's no way for me to use the login information again (and I *never* do
that, anyway, I *always* type my password in, even on my system at home).

It's *way* more complicated than that. I'm going through the corporate security
platform, that uses IBM's WebSEAL, part of Tivoli. What I'm trying to do is run
a perl script to grab the rss feed from our group's website. I've got a
credential - a .pfx file - and I'm trying to hand it to WebSEAL the same way
that my browser does. There is ZERO information in IBM's online docs for
WebSEAL for what the *client* needs to hand it, and how to hand it. All they've
got is how to configure the server side (which I have utterly no control or
visibility into, though I'm trying to get some log entries from the guy who
does handle it).

So what I was doing was watching my browser's interaction going to the site,
and looking for requests for credentials. I don't see anything that I can
identify as such.

I reiterate: *bleah*

mark

--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
 
Old 07-31-2008, 12:58 PM
mark
 
Default credential files

Nigel Wade wrote:
> m.roth2006@rcn.com wrote:
>> Does anyone have any idea how a browser recognizes that a cite is
>> asking for a
>> credential file, and hands it back to it?
>>
>> For example, I go to a site, and firefox suddenly says "this sites
>> wants a credential -
>> is this the credential that you want to give it?" I've used a plugin
>> that shows me http
>> headers and responses, and see nothing where that happens.
>>
>> Links? Pointers? Clues for the poor?
>
> What sort of credentials are you talking about? Is this SSL (https) with
> client certificate verification? If so it's part of the initial SSL
> handshake. The server asks the client to prove that it is who it says it
> is by supplying a valid, authenticated, certificate.
>
YES! Please, please, HOW DOES IT ASK? Can I provide that in the original get,
as additional headers, or do I have to wait for a response, and then provide it?

I *was* just slogging through RFC ...damn, now I can't remember, 1136? whatever
that is, and was looking for something like this....

mark

--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
 
Old 07-31-2008, 02:05 PM
Nigel Wade
 
Default credential files

mark wrote:

Nigel Wade wrote:

m.roth2006@rcn.com wrote:

Does anyone have any idea how a browser recognizes that a cite is
asking for a
credential file, and hands it back to it?

For example, I go to a site, and firefox suddenly says "this sites
wants a credential -
is this the credential that you want to give it?" I've used a plugin
that shows me http
headers and responses, and see nothing where that happens.

Links? Pointers? Clues for the poor?

What sort of credentials are you talking about? Is this SSL (https) with
client certificate verification? If so it's part of the initial SSL
handshake. The server asks the client to prove that it is who it says it
is by supplying a valid, authenticated, certificate.


YES! Please, please, HOW DOES IT ASK? Can I provide that in the original get,
as additional headers, or do I have to wait for a response, and then provide it?


It's not up to the client. If the server is configured to require a client cert it will
request it. If it isn't it won't. If it requests a client cert. then you need to supply
one or the connection will fail. How you supply the client cert. to the client software is
completely determined by the client software.


Google would be your best option. If you are using PERL SSLeay then this page might help:
http://search.cpan.org/~sampo/Net_SSLeay.pm-1.25/SSLeay.pm

--
Nigel Wade, System Administrator, Space Plasma Physics Group,
University of Leicester, Leicester, LE1 7RH, UK
E-mail : nmw@ion.le.ac.uk
Phone : +44 (0)116 2523548, Fax : +44 (0)116 2523555

--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
 

Thread Tools




All times are GMT. The time now is 02:41 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org