[ipxe-devel] Question about login option

Michael Brown mbrown at fensystems.co.uk
Fri Aug 17 10:04:27 UTC 2012


On Friday 17 Aug 2012 07:59:23 Jim Antoniou wrote:
> I've dumped the tcp stream on the web server and don't see any indication
> that the username is showing up in it after I hit enter.  With the old iPXE
> binary, I see the username show up in the tcp dump.
> 
> Ideas on how I might troubleshoot this more?  I am grasping at straws right
> now.

I'm pretty sure the offending commit will be

  http://git.ipxe.org/ipxe.git/commitdiff/5f2226a

As part of the changes to add support for HTTP DIgest authentication, iPXE now 
provides a username and password only if the server actually requests 
authentication (i.e. responds with a 401 Unauthorized response).

Try adding the following code (taken from 
http://php.net/manual/en/features.http-auth.php) at a suitable place within 
your PHP script:

  if ( ! isset ( $_SERVER['PHP_AUTH_USER'] ) ) {
      header ( 'WWW-Authenticate: Basic realm="My Realm"' );
      header ( 'HTTP/1.0 401 Unauthorized' );
      exit;
  }

That should hopefully make everything work as expected.

To improve security, you might also want to investigate the use of Digest 
authentication, since that avoids exposing the plaintext password on the wire.

Michael



More information about the ipxe-devel mailing list