[ipxe-devel] Question about login option

Jim Antoniou jantoniou at gmail.com
Sat Aug 18 08:05:13 BST 2012


Thanks!  That worked a treat.

Here's an example of what I did:

if ( !isset($_SERVER['PHP_AUTH_USER']) || !$_SERVER['PHP_AUTH_USER'] )
        {
            header('WWW-Authenticate: Basic realm="Auth"');
            header('HTTP/1.0 401 Unauthorized');
header('HTTP/1.1 401 Unauthorized');
            echo("Please enter a valid username and password");
            exit();
        }
else {
if (!$this->authenticate($this->input->server('PHP_AUTH_USER'),
$this->input->server('PHP_AUTH_PW')))
{
       $this->output->set_header('Location: http://'. HOSTNAME
.'/ipxeboot/');
}
        else { // user logged on - redirect to the menu system
                .... etc. etc.

Thanks again for the pointer.  I was going crazy trying to figure it out.

On Fri, Aug 17, 2012 at 3:04 AM, Michael Brown <mbrown at fensystems.co.uk>wrote:

> On Friday 17 Aug 2012 07:59:23 Jim Antoniou wrote:
> > I've dumped the tcp stream on the web server and don't see any indication
> > that the username is showing up in it after I hit enter.  With the old
> iPXE
> > binary, I see the username show up in the tcp dump.
> >
> > Ideas on how I might troubleshoot this more?  I am grasping at straws
> right
> > now.
>
> I'm pretty sure the offending commit will be
>
>   http://git.ipxe.org/ipxe.git/commitdiff/5f2226a
>
> As part of the changes to add support for HTTP DIgest authentication, iPXE
> now
> provides a username and password only if the server actually requests
> authentication (i.e. responds with a 401 Unauthorized response).
>
> Try adding the following code (taken from
> http://php.net/manual/en/features.http-auth.php) at a suitable place
> within
> your PHP script:
>
>   if ( ! isset ( $_SERVER['PHP_AUTH_USER'] ) ) {
>       header ( 'WWW-Authenticate: Basic realm="My Realm"' );
>       header ( 'HTTP/1.0 401 Unauthorized' );
>       exit;
>   }
>
> That should hopefully make everything work as expected.
>
> To improve security, you might also want to investigate the use of Digest
> authentication, since that avoids exposing the plaintext password on the
> wire.
>
> Michael
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ipxe.org/pipermail/ipxe-devel/attachments/20120818/1be7504d/attachment.html>


More information about the ipxe-devel mailing list