Search Results

Search found 9696 results on 388 pages for 'proxy authentication'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 98/388 | < Previous Page | 94 95 96 97 98 99 100 101 102 103 104 105  | Next Page >

  • Alternative Django Authenication

    - by pq
    Need to integrate Django with an existing authentication system. That system has it's own database, API, login/logout,edit profile web pages and cookie. (I may have to add a few additional profile fields stored/updated locally) What's the proper approach to substitute the out-of-the-box authentication in Django?

    Read the article

  • Authenticating clients in the new WCF Http stack

    - by cibrax
    About this time last year, I wrote a couple of posts about how to use the “Interceptors” from the REST starker kit for implementing several authentication mechanisms like “SAML”, “Basic Authentication” or “OAuth” in the WCF Web programming model. The things have changed a lot since then, and Glenn finally put on our hands a new version of the Web programming model that deserves some attention and I believe will help us a lot to build more Http oriented services in the .NET stack. What you can get today from wcf.codeplex.com is a preview with some cool features like Http Processors (which I already discussed here), a new and improved version of the HttpClient library, Dependency injection and better TDD support among others. However, the framework still does not support an standard way of doing client authentication on the services (This is something planned for the upcoming releases I believe). For that reason, moving the existing authentication interceptors to this new programming model was one of the things I did in the last few days. In order to make authentication simple and easy to extend,  I first came up with a model based on what I called “Authentication Interceptors”. An authentication interceptor maps to an existing Http authentication mechanism and implements the following interface, public interface IAuthenticationInterceptor{ string Scheme { get; } bool DoAuthentication(HttpRequestMessage request, HttpResponseMessage response, out IPrincipal principal);} An authentication interceptors basically needs to returns the http authentication schema that implements in the property “Scheme”, and implements the authentication mechanism in the method “DoAuthentication”. As you can see, this last method “DoAuthentication” only relies on the HttpRequestMessage and HttpResponseMessage classes, making the testing of this interceptor very simple (There is no need to do some black magic with the WCF context or messages). After this, I implemented a couple of interceptors for supporting basic authentication and brokered authentication with SAML (using WIF) in my services. The following code illustrates how the basic authentication interceptors looks like. public class BasicAuthenticationInterceptor : IAuthenticationInterceptor{ Func<UsernameAndPassword, bool> userValidation; string realm;  public BasicAuthenticationInterceptor(Func<UsernameAndPassword, bool> userValidation, string realm) { if (userValidation == null) throw new ArgumentNullException("userValidation");  if (string.IsNullOrEmpty(realm)) throw new ArgumentNullException("realm");  this.userValidation = userValidation; this.realm = realm; }  public string Scheme { get { return "Basic"; } }  public bool DoAuthentication(HttpRequestMessage request, HttpResponseMessage response, out IPrincipal principal) { string[] credentials = ExtractCredentials(request); if (credentials.Length == 0 || !AuthenticateUser(credentials[0], credentials[1])) { response.StatusCode = HttpStatusCode.Unauthorized; response.Content = new StringContent("Access denied"); response.Headers.WwwAuthenticate.Add(new AuthenticationHeaderValue("Basic", "realm=" + this.realm));  principal = null;  return false; } else { principal = new GenericPrincipal(new GenericIdentity(credentials[0]), new string[] {});  return true; } }  private string[] ExtractCredentials(HttpRequestMessage request) { if (request.Headers.Authorization != null && request.Headers.Authorization.Scheme.StartsWith("Basic")) { string encodedUserPass = request.Headers.Authorization.Parameter.Trim();  Encoding encoding = Encoding.GetEncoding("iso-8859-1"); string userPass = encoding.GetString(Convert.FromBase64String(encodedUserPass)); int separator = userPass.IndexOf(':');  string[] credentials = new string[2]; credentials[0] = userPass.Substring(0, separator); credentials[1] = userPass.Substring(separator + 1);  return credentials; }  return new string[] { }; }  private bool AuthenticateUser(string username, string password) { var usernameAndPassword = new UsernameAndPassword { Username = username, Password = password };  if (this.userValidation(usernameAndPassword)) { return true; }  return false; }} This interceptor receives in the constructor a callback in the form of a Func delegate for authenticating the user and the “realm”, which is required as part of the implementation. The rest is a general implementation of the basic authentication mechanism using standard http request and response messages. I also implemented another interceptor for authenticating a SAML token with WIF. public class SamlAuthenticationInterceptor : IAuthenticationInterceptor{ SecurityTokenHandlerCollection handlers = null;  public SamlAuthenticationInterceptor(SecurityTokenHandlerCollection handlers) { if (handlers == null) throw new ArgumentNullException("handlers");  this.handlers = handlers; }  public string Scheme { get { return "saml"; } }  public bool DoAuthentication(HttpRequestMessage request, HttpResponseMessage response, out IPrincipal principal) { SecurityToken token = ExtractCredentials(request);  if (token != null) { ClaimsIdentityCollection claims = handlers.ValidateToken(token);  principal = new ClaimsPrincipal(claims);  return true; } else { response.StatusCode = HttpStatusCode.Unauthorized; response.Content = new StringContent("Access denied");  principal = null;  return false; } }  private SecurityToken ExtractCredentials(HttpRequestMessage request) { if (request.Headers.Authorization != null && request.Headers.Authorization.Scheme == "saml") { XmlTextReader xmlReader = new XmlTextReader(new StringReader(request.Headers.Authorization.Parameter));  var col = SecurityTokenHandlerCollection.CreateDefaultSecurityTokenHandlerCollection(); SecurityToken token = col.ReadToken(xmlReader);  return token; }  return null; }}This implementation receives a “SecurityTokenHandlerCollection” instance as part of the constructor. This class is part of WIF, and basically represents a collection of token managers to know how to handle specific xml authentication tokens (SAML is one of them). I also created a set of extension methods for injecting these interceptors as part of a service route when the service is initialized. var basicAuthentication = new BasicAuthenticationInterceptor((u) => true, "ContactManager");var samlAuthentication = new SamlAuthenticationInterceptor(serviceConfiguration.SecurityTokenHandlers); // use MEF for providing instancesvar catalog = new AssemblyCatalog(typeof(Global).Assembly);var container = new CompositionContainer(catalog);var configuration = new ContactManagerConfiguration(container); RouteTable.Routes.AddServiceRoute<ContactResource>("contact", configuration, basicAuthentication, samlAuthentication);RouteTable.Routes.AddServiceRoute<ContactsResource>("contacts", configuration, basicAuthentication, samlAuthentication); In the code above, I am injecting the basic authentication and saml authentication interceptors in the “contact” and “contacts” resource implementations that come as samples in the code preview. I will use another post to discuss more in detail how the brokered authentication with SAML model works with this new WCF Http bits. The code is available to download in this location.

    Read the article

  • Using Node.js as an accelerator for WCF REST services

    - by Elton Stoneman
    Node.js is a server-side JavaScript platform "for easily building fast, scalable network applications". It's built on Google's V8 JavaScript engine and uses an (almost) entirely async event-driven processing model, running in a single thread. If you're new to Node and your reaction is "why would I want to run JavaScript on the server side?", this is the headline answer: in 150 lines of JavaScript you can build a Node.js app which works as an accelerator for WCF REST services*. It can double your messages-per-second throughput, halve your CPU workload and use one-fifth of the memory footprint, compared to the WCF services direct.   Well, it can if: 1) your WCF services are first-class HTTP citizens, honouring client cache ETag headers in request and response; 2) your services do a reasonable amount of work to build a response; 3) your data is read more often than it's written. In one of my projects I have a set of REST services in WCF which deal with data that only gets updated weekly, but which can be read hundreds of times an hour. The services issue ETags and will return a 304 if the client sends a request with the current ETag, which means in the most common scenario the client uses its local cached copy. But when the weekly update happens, then all the client caches are invalidated and they all need the same new data. Then the service will get hundreds of requests with old ETags, and they go through the full service stack to build the same response for each, taking up threads and processing time. Part of that processing means going off to a database on a separate cloud, which introduces more latency and downtime potential.   We can use ASP.NET output caching with WCF to solve the repeated processing problem, but the server will still be thread-bound on incoming requests, and to get the current ETags reliably needs a database call per request. The accelerator solves that by running as a proxy - all client calls come into the proxy, and the proxy routes calls to the underlying REST service. We could use Node as a straight passthrough proxy and expect some benefit, as the server would be less thread-bound, but we would still have one WCF and one database call per proxy call. But add some smart caching logic to the proxy, and share ETags between Node and WCF (so the proxy doesn't even need to call the servcie to get the current ETag), and the underlying service will only be invoked when data has changed, and then only once - all subsequent client requests will be served from the proxy cache.   I've built this as a sample up on GitHub: NodeWcfAccelerator on sixeyed.codegallery. Here's how the architecture looks:     The code is very simple. The Node proxy runs on port 8010 and all client requests target the proxy. If the client request has an ETag header then the proxy looks up the ETag in the tag cache to see if it is current - the sample uses memcached to share ETags between .NET and Node. If the ETag from the client matches the current server tag, the proxy sends a 304 response with an empty body to the client, telling it to use its own cached version of the data. If the ETag from the client is stale, the proxy looks for a local cached version of the response, checking for a file named after the current ETag. If that file exists, its contents are returned to the client as the body in a 200 response, which includes the current ETag in the header. If the proxy does not have a local cached file for the service response, it calls the service, and writes the WCF response to the local cache file, and to the body of a 200 response for the client. So the WCF service is only troubled if both client and proxy have stale (or no) caches.   The only (vaguely) clever bit in the sample is using the ETag cache, so the proxy can serve cached requests without any communication with the underlying service, which it does completely generically, so the proxy has no notion of what it is serving or what the services it proxies are doing. The relative path from the URL is used as the lookup key, so there's no shared key-generation logic between .NET and Node, and when WCF stores a tag it also stores the "read" URL against the ETag so it can be used for a reverse lookup, e.g:   Key Value /WcfSampleService/PersonService.svc/rest/fetch/3 "28cd4796-76b8-451b-adfd-75cb50a50fa6" "28cd4796-76b8-451b-adfd-75cb50a50fa6" /WcfSampleService/PersonService.svc/rest/fetch/3    In Node we read the cache using the incoming URL path as the key and we know that "28cd4796-76b8-451b-adfd-75cb50a50fa6" is the current ETag; we look for a local cached response in /caches/28cd4796-76b8-451b-adfd-75cb50a50fa6.body (and the corresponding .header file which contains the original service response headers, so the proxy response is exactly the same as the underlying service). When the data is updated, we need to invalidate the ETag cache – which is why we need the reverse lookup in the cache. In the WCF update service, we don't need to know the URL of the related read service - we fetch the entity from the database, do a reverse lookup on the tag cache using the old ETag to get the read URL, update the new ETag against the URL, store the new reverse lookup and delete the old one.   Running Apache Bench against the two endpoints gives the headline performance comparison. Making 1000 requests with concurrency of 100, and not sending any ETag headers in the requests, with the Node proxy I get 102 requests handled per second, average response time of 975 milliseconds with 90% of responses served within 850 milliseconds; going direct to WCF with the same parameters, I get 53 requests handled per second, mean response time of 1853 milliseconds, with 90% of response served within 3260 milliseconds. Informally monitoring server usage during the tests, Node maxed at 20% CPU and 20Mb memory; IIS maxed at 60% CPU and 100Mb memory.   Note that the sample WCF service does a database read and sleeps for 250 milliseconds to simulate a moderate processing load, so this is *not* a baseline Node-vs-WCF comparison, but for similar scenarios where the  service call is expensive but applicable to numerous clients for a long timespan, the performance boost from the accelerator is considerable.     * - actually, the accelerator will work nicely for any HTTP request, where the URL (path + querystring) uniquely identifies a resource. In the sample, there is an assumption that the ETag is a GUID wrapped in double-quotes (e.g. "28cd4796-76b8-451b-adfd-75cb50a50fa6") – which is the default for WCF services. I use that assumption to name the cache files uniquely, but it is a trivial change to adapt to other ETag formats.

    Read the article

  • Log a user in to an ASP.net application using Windows Authentication without using Windows Authentic

    - by Rising Star
    I have an ASP.net application I'm developing authentication for. I am using an existing cookie-based log on system to log users in to the system. The application runs as an anonymous account and then checks the cookie when the user wants to do something restricted. This is working fine. However, there is one caveat: I've been told that for each page that connects to our SQL server, I need to make it so that the user connects using an Active Directory account. because the system I'm using is cookie based, the user isn't logged in to Active Directory. Therefore, I use impersonation to connect to the server as a specific account. However, the powers that be here don't like impersonation; they say that it clutters up the code. I agree, but I've found no way around this. It seems that the only way that a user can be logged in to an ASP.net application is by either connecting with Internet Explorer from a machine where the user is logged in with their Active Directory account or by typing an Active Directory username and password. Neither of these two are workable in my application. I think it would be nice if I could make it so that when a user logs in and receives the cookie (which actually comes from a separate log on application, by the way), there could be some code run which tells the application to perform all network operations as the user's Active Directory account, just as if they had typed an Active Directory username and password. It seems like this ought to be possible somehow, but the solution evades me. How can I make this work? Update To those who have responded so far, I apologize for the confusion I have caused. The responses I've received indicate that you've misunderstood the question, so please allow me to clarify. I have no control over the requirement that users must perform network operations (such as SQL queries) using Active Directory accounts. I've been told several times (online and in meat-space) that this is an unusual requirement and possibly bad practice. I also have no control over the requirement that users must log in using the existing cookie-based log on application. I understand that in an ideal MS ecosystem, I would simply dis-allow anonymous access in my IIS settings and users would log in using Windows Authentication. This is not the case. The current system is that as far as IIS is concerned, the user logs in anonymously (even though they supply credentials which result in the issuance of a cookie) and we must programmatically check the cookie to see if the user has access to any restricted resources. In times past, we have simply used a single SQL account to perform all queries. My direct supervisor (who has many years of experience with this sort of thing) wants to change this. He says that if each user has his own AD account to perform SQL queries, it gives us more of a trail to follow if someone tries to do something wrong. The closest thing I've managed to come up with is using WIF to give the user a claim to a specific Active Directory account, but I still have to use impersonation because even still, the ASP.net process presents anonymous credentials to the SQL server. It boils down to this: Can I log users in with Active Directory accounts in my ASP.net application without having the users manually enter their AD credentials? (Windows Authentication)

    Read the article

  • Ruby: having callbacks on 'attr' objects

    - by JP
    Essentially I'm wondering how to place callbacks on objects in ruby, so that when an object is changed in anyway I can automatically trigger other changes: class MyClass attr_reader :proxy def proxy=(string_proxy = "") begin @proxy = URI.parse("http://"+((string_proxy.empty?) ? ENV['HTTP_PROXY'] : string_proxy)) @http = Net::HTTP::Proxy.new(@proxy.host,@proxy.port) rescue @http = Net::HTTP end end end m = MyClass.new m.proxy = "myproxy.com:8080" p m.proxy # => <URI: @host="myproxy.com" @port=8080> # However changing m.proxy will not change the @http variable, as proxy= is not being called. # Desired functionality: m.proxy = nil # Now @http.class is Net::HTTP, not Net::HTTP::Proxy

    Read the article

  • Meraki wireless access point disconnects clients

    - by resolver101
    We have a Meraki MR16 Cloud Managed AP and it disconnects certain clients. The clients with Intel wireless cards work without any disconnects. The Meraki reports the follow in its event log: Sep 4 09:55:47 WPA authentication Sep 4 09:55:47 802.11 association channel: 11, rssi: 64 Sep 4 09:55:38 802.11 disassociation client has left AP Sep 4 09:55:38 WPA deauthentication vap: 0, radio: 0, aid: 1633956416 An example wireless network card which the Meraki disconnects is Realtek RTL8191SE 802.11b/g/n WiFi Adapter. The realtek laptop is sat 2 meters away from the AP and has a lot of signal and the Meraki reports minimal interference. Any ideas why it disconnects non-intel wireless network cards?

    Read the article

  • Tor : Stuck at Connecting to Relay Directory

    - by Ghassan
    i have never ever worked with tor before. the company where i work allows us to have access to any site we wish. nonetheless as of the the beginning of this month, they installed a proxy server to filter which sites can be accessed and which ones cant. the filter isnt only on URLS, but IPS as well, even hexa IPS wont work. so after some research, i decided to use tor, the first day i installed it, everything went smooth and i was accessing any website i wish. just 2day, everything stopped. i try 2 start vidalia, it gets stuck at Connecting to Relay Directory. i work on windows 7 platform. Please help me out! thanks in advance.

    Read the article

  • inetd / xinetd not working under cygwin

    - by Zimmy-DUB-Zongy-Zong-DUBBY
    I am trying to use xinetd (or inetd) with netcat to act as a TCP proxy. This setup works on Linux without issue. Under Cygwin, either as a service or from the a Cygwin command line, the (x)inetd fails to open netcat, with the error "no such file or directory". I have tried specifying /usr/bin/nc, /usr/bin/nc.exe, /cygdrive/d/cygwin/usr/bin/nc.exe, d:\cygwin\bin\nc.exe, and a TON of other combinations of forward flashes, backslashes, Windows paths and Cygwin paths. No matter what, I get errno 2, no such file or dir. Any ideas? I need this working ASAP. Edit: I thought it may have to do with it being in d:\cygwin (lame hardcoding?) but I tested it on a machine with cygwin on C:\, problem exists there too.

    Read the article

  • 503 Service Unavailable - What really it means?

    - by pandiya chendur
    Possible Dup: http://stackoverflow.com/questions/2529244/503-service-unavailable-what-really-it-means I am asking on behalf of original question poster because we both work in the same place... I developed a website and it loads in every other system but certainly not in mine ... WHen i used firebug my request show 503 Service Unavailable Firebug response header showed, Server squid/2.6.STABLE21 Date Sat, 27 Mar 2010 12:25:18 GMT Content-Type text/html Content-Length 1163 Expires Sat, 27 Mar 2010 12:25:18 GMT X-Squid-Error ERR_DNS_FAIL 0 X-Cache MISS from xavy X-Cache-Lookup MISS from xavy:3128 Via 1.0 xavy:3128 (squid/2.6.STABLE21) Proxy-Connection close For REF: please visit the original question and look at the answers and comments and help us out..

    Read the article

  • SharePoint MOSS - Serve HTTP content on an HTTPS page without Mixed Content Warning?

    - by kcb263
    Our "portal-like" SharePoint site is served using HTTPS/SSL. So a user goes to https://web.company.com and sees content and different Web Parts. So far, no problem. The desire now is to have new Web Parts added that either frame HTTP content (such as Weather Bug) or HTTP RSS feeds. The issue that arises is that by doing this, results in a "Mixed Content" warning in the browser. Has anybody successfully been able to implement such a scenario, or one similar to it? The options we have looked at, unsuccessfully, have been: using Apache Reverse Proxy Server mirror an external site Custom Web Parts

    Read the article

  • Disable ProxyPass rules within a virtual host on apache 2

    - by chinto
    I have a global proxypass rule in httpd.conf rules at global level ProxyPass /test/css http://myserver:7788/test/css ProxyPassReverse /test/css http://myserver:7788/test/css and I have a virtual host Listen localhost:7788 NameVirtualHost localhost:7788 <VirtualHost localhost:7788> Alias /test/css/ "C:/jboss/server/default/deploy/test.ear/test-web-app.war/css/" </VirtualHost> I would like to disable all global proxypass rules applying in this virtual host? NoProxy doesn't seem to work. (The reason I would like to do this is I have below global rules which create a 502 proxy loop if applied within this virtual host #pass all requests to application server ProxyPass /test http://localhost:8080/test ProxyPassReverse /test http://localhost:8080/test ) What I'm trying to do is, serve all static content (like css) using apache, while still proxying all the rest of requests to the application server.

    Read the article

  • Smart card / auditable access for rack KVM tray

    - by Mark Henderson
    Is there such a thing as a KVM Tray for a standard 19" rack whose use can be validated by a smartcard (or some other auditable authentication method)? It looks like we have a security requirement where just because users have a key to the rack doesn't mean they will be allowed to use the console inside the rack, and rather than just lock the console (and keep track of who has keys), we would prefer to be able to audit the actual user that was attached at the KVM. (It's worth mentioning that I'm aware of the Raritan devices, but they surely can't be the only ones) (If these things existed, I don't think half of the tratoirs that somehow manage to infiltrate CTU on the TV show 24 would ever get away with anything)

    Read the article

  • SSH Login to an EC2 instance failing with previously working keys...

    - by Matthew Savage
    We recently had an issues where I had rebooted our EC2 instance (Ubuntu x86_64, version 9.10 server) and due to an EC2 issue the instance needed to be stopped and was down for a few days. Now I have been able to bring the instance back online I cannot connect to SSH using the keypair which previously worked. Unfortunately SSH is the only way to get into this server, and while I have another system running in its place there are a number of things I would like to try and retrieve from the machine. Running SSH in verbose mode yields the following: [Broc-MBP.local]: Broc:~/.ssh ? ssh -i ~/.ssh/EC2Keypair.pem -l ubuntu ec2-xxx.compute-1.amazonaws.com -vvv OpenSSH_5.2p1, OpenSSL 0.9.8l 5 Nov 2009 debug1: Reading configuration data /Users/Broc/.ssh/config debug1: Reading configuration data /etc/ssh_config debug2: ssh_connect: needpriv 0 debug1: Connecting to ec2-xxx.compute-1.amazonaws.com [184.73.109.130] port 22. debug1: Connection established. debug3: Not a RSA1 key file /Users/Broc/.ssh/EC2Keypair.pem. debug2: key_type_from_name: unknown key type '-----BEGIN' debug3: key_read: missing keytype debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug2: key_type_from_name: unknown key type '-----END' debug3: key_read: missing keytype debug1: identity file /Users/Broc/.ssh/EC2Keypair.pem type -1 debug3: Not a RSA1 key file /Users/Broc/.ssh/id_rsa. debug2: key_type_from_name: unknown key type '-----BEGIN' debug3: key_read: missing keytype debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug2: key_type_from_name: unknown key type '-----END' debug3: key_read: missing keytype debug1: identity file /Users/Broc/.ssh/id_rsa type 1 debug1: Remote protocol version 2.0, remote software version OpenSSH_5.1p1 Debian-6ubuntu2 debug1: match: OpenSSH_5.1p1 Debian-6ubuntu2 pat OpenSSH* debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_5.2 debug2: fd 3 setting O_NONBLOCK debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1 debug2: kex_parse_kexinit: ssh-rsa,ssh-dss debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,[email protected] debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,[email protected] debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,[email protected],hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96 debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,[email protected],hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96 debug2: kex_parse_kexinit: none,[email protected],zlib debug2: kex_parse_kexinit: none,[email protected],zlib debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: first_kex_follows 0 debug2: kex_parse_kexinit: reserved 0 debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1 debug2: kex_parse_kexinit: ssh-rsa,ssh-dss debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,[email protected],aes128-ctr,aes192-ctr,aes256-ctr debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,[email protected],aes128-ctr,aes192-ctr,aes256-ctr debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,[email protected],hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96 debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,[email protected],hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96 debug2: kex_parse_kexinit: none,[email protected] debug2: kex_parse_kexinit: none,[email protected] debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: first_kex_follows 0 debug2: kex_parse_kexinit: reserved 0 debug2: mac_setup: found hmac-md5 debug1: kex: server->client aes128-ctr hmac-md5 none debug2: mac_setup: found hmac-md5 debug1: kex: client->server aes128-ctr hmac-md5 none debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP debug2: dh_gen_key: priv key bits set: 123/256 debug2: bits set: 500/1024 debug1: SSH2_MSG_KEX_DH_GEX_INIT sent debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY debug3: check_host_in_hostfile: filename /Users/Broc/.ssh/known_hosts debug3: check_host_in_hostfile: match line 106 debug3: check_host_in_hostfile: filename /Users/Broc/.ssh/known_hosts debug3: check_host_in_hostfile: match line 106 debug1: Host 'ec2-xxx.compute-1.amazonaws.com' is known and matches the RSA host key. debug1: Found key in /Users/Broc/.ssh/known_hosts:106 debug2: bits set: 521/1024 debug1: ssh_rsa_verify: signature correct debug2: kex_derive_keys debug2: set_newkeys: mode 1 debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug2: set_newkeys: mode 0 debug1: SSH2_MSG_NEWKEYS received debug1: SSH2_MSG_SERVICE_REQUEST sent debug2: service_accept: ssh-userauth debug1: SSH2_MSG_SERVICE_ACCEPT received debug2: key: /Users/Broc/.ssh/id_rsa (0x100125f70) debug2: key: /Users/Broc/.ssh/EC2Keypair.pem (0x0) debug1: Authentications that can continue: publickey debug3: start over, passed a different list publickey debug3: preferred publickey,keyboard-interactive,password debug3: authmethod_lookup publickey debug3: remaining preferred: keyboard-interactive,password debug3: authmethod_is_enabled publickey debug1: Next authentication method: publickey debug1: Offering public key: /Users/Broc/.ssh/id_rsa debug3: send_pubkey_test debug2: we sent a publickey packet, wait for reply debug1: Authentications that can continue: publickey debug1: Trying private key: /Users/Broc/.ssh/EC2Keypair.pem debug1: read PEM private key done: type RSA debug3: sign_and_send_pubkey debug2: we sent a publickey packet, wait for reply debug1: Authentications that can continue: publickey debug2: we did not send a packet, disable method debug1: No more authentication methods to try. Permission denied (publickey). [Broc-MBP.local]: Broc:~/.ssh ? So, right now I'm really at a loss and not sure what to do. While I've already got another system taking the place of this one I'd really like to have access back :|

    Read the article

  • Disable ProxyPass rules within a virtual host on apache 2

    - by chinto
    I have a global proxypass rule in httpd.conf rules at global level ProxyPass /test/css http://myserver:7788/test/css ProxyPassReverse /test/css http://myserver:7788/test/css and I have a virtual host Listen localhost:7788 NameVirtualHost localhost:7788 <VirtualHost localhost:7788> Alias /test/css/ "C:/jboss/server/default/deploy/test.ear/test-web-app.war/css/" </VirtualHost> I would like to disable all global proxypass rules applying in this virtual host? NoProxy doesn't seem to work. (The reason I would like to do this is I have below global rules which create a 502 proxy loop if applied within this virtual host #pass all requests to application server ProxyPass /test http://localhost:8080/test ProxyPassReverse /test http://localhost:8080/test ) What I'm trying to do is, serve all static content (like css) using apache, while still proxying all the rest of requests to the application server.

    Read the article

  • Squid site redirection

    - by AndyM
    I have an internal website that cannot be accessed from some machines on my network, due to the physical location, VPN ,network ranges etc. I would like to install Squid on "in between" network to forward request from the clients that cannot reach the website. The issue is the clients have no ability to connect to www.example.com , but they can reach a network with a squid proxy , which in turn can reach www.example.com What is the correct term I need to research in squid , is it just caching www.example.com or do I need to set the clients to use a URL that gets rewritten ? i.e www.squid-example.com -- www.example.com

    Read the article

  • Cisco Secure ACS 4.2 + TACACS+ - installed together or?

    - by Lance
    I'm tasked with installing Cisco Secure ACS (4.2 as its windows based). Do you install TACACS.net or something similar with ACS or does ACS facilitate the TACACS+ authentication? I can get my device to authenticate against a tacacs.net installation without much trouble but can't seem to figure out how one plugs ACS in, per se. I've installed ACS on the same server (is this my problem?) but no matter what I do I can only get my TACACS+ users to authenticate. Any helps/tips would be greatly appreciated!

    Read the article

  • Password protect web directory with htpasswd on Cherokee

    - by wdkrnls
    I have a directory on my Cherokee webserver that I am trying to password protect so that when I try to enter it from a web browser, I get a pop up demanding username and password. Needless to say I am getting stuck. I have created the .htaccess file with: AuthUserFile /srv/http/protected AuthGroupFile /dev/null AuthName "Protected Stuff" AuthType Basic Require valid-user And I used the apache-tools' htpasswd command: htpasswd -c .htpasswd wdkrnls I configured Cherokee with a behavior rule on the /protected directory which requires htpasswd authentication and restarted. I get Error 405 Method Not Allowed whenever I navigate there in a directory. What more do I need to do? Thanks for your help.

    Read the article

  • Lemonldap::ng + OpenID error in try generate

    - by spy86
    I am trying to configure authentication by OpenID in lemonldap::ng with this When I try http://auth.example.com/openidserver/username, I see following error: Unable to load Net::OpenID::Server Base class package "Net::OpenID::Server" is empty. (Perhaps you need to 'use' the module which defines that package first, or make that module available in @INC (@INC contains: /usr/local/lib64/perl5 /usr/local/share/perl5 /usr/lib64/perl5/vendor_perl /usr/share/perl5/vendor_perl /usr/lib64/perl5 /usr/share/perl5 . /etc/httpd). at /usr/share/perl5/vendor_perl/Lemonldap/NG/Portal/OpenID/Server.pm line 9 BEGIN failed--compilation aborted at /usr/share/perl5/vendor_perl/Lemonldap/NG/Portal/OpenID/Server.pm line 9, line 522. Compilation failed in require at /usr/share/perl5/vendor_perl/Lemonldap/NG/Portal/IssuerDBOpenID.pm line 40, line 522. LemonLDAP::NG Lemonldap::ng works in CentOS 6.4 and server have all update's

    Read the article

  • Can't log in using sa account for sql server 2008

    - by tessa
    I installed SQL Server 2008. During the install I set it to mixed mode authentication and set the password for what I assume is the sa account. In the configuration manager I set tcp/ip and named pipes to enabled. When I open SQL Server Management Studio and try to log in - username: sa, password: whatIjustsetintheinstall, it fails with the error: Login failed for user sa. (error 18456). The error in Event Viewer is - Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: <local machine>]. I know the password is right because I just set it. What am I doing wrong here? Is sa not the right user to be logging in with mixed mode? I've been reading through forum after forum but just cannot find anything that works.

    Read the article

  • Squid 3 reloading makes it stop serving requests

    - by coredump
    So, we use Squid 3 here (3.0.STABLE8-3+lenny4), pretty standard configuration (no dansguardian or similar) + NTLM authentication with LDAP background, circa 1000 users on a busy day, and our acls reference some external files (allowed/blocked sites/ip addresses). On Squid 2.X we used to be capable of reloading it's configuration (to add or sites or addresses to rules, etc) and squid would not stop serving during the reload. Since we changed to 3.0, that seems to be impossible: everytime we use reload (or -k reconfigure) it stop serving requests for as long as 2 minutes, and clients receive a Configured proxy is not accepting connections message. I checked the documentation and got nothing about it, does anyone else suffer from this problem or is it a isolated case on my setup? Also, if you have Squid 3.0 and doesn't suffer from this problem, how is your squid configured?

    Read the article

  • Identical traffic

    - by Walter White
    Hi all, I am running an application server and logging all requests for analysis purposes later. One interesting trend I noticed last night was, I had a visitor from Texas on FIOS share identical traffic with bluecoat in California. What would cause the traffic to be identical? For every request the visitor made, bluecoat made one subsequently within milliseconds of his request. If it is caching, why would there be identical requests? Wouldn't it go through the cache / proxy on their end, and I would only see the proxied request? I'm just curious, this is an interesting pattern that shows similarities of a DDoS attack, but with far fewer resources. Is it possible that the visitor had malware on their computer? Any other ideas? Walter

    Read the article

  • Route gameserver traffic through cloudflare?

    - by Michael
    I use cloudflare for my website and we have a gameserver I was wondering if it is possible to route traffic through cloudflare. This recently sprung into my head when I realized that I could route Shoutcast through another of cloudflares port (8080) which does not do any performance enhancing or anything it just acts as a reverse proxy and stops DDoS. I then tried by setting up a subdomain with my gameserver IP cloudflared and then pinged the IP and Port. It seems to have connections but when actually connecting via the game it doesnt. Any ideas?

    Read the article

  • Forcing logon to Air Watch server upon joining wifi

    - by DKNUCKLES
    I'm setting up a wireless controller that I would like to leave as unsecured. When a user connects to this network they need to be forwarded to a specific page where they can authenticate with the Air Watch system they have in place. Once authentication takes place, a profile will be downloaded to their device and we can administer the devices accordingly. I'm mulling over how I can force the page to the user when they log in. The methodology I'm thinking about working with is creating a NAT rule for that VSC that would forward all port 80 and 443 traffic to the airwatch server. Once they authenticate, a profile will be downloaded which will connect the devices to an Virtual Access Point who's SSID isn't broadcasted. Is this methodology correct or can someone think of an easier / more efficient way of accomplishing this? The controller is an HP MSM720 for what it's worth.

    Read the article

  • How to crash a program

    - by user2949019
    I have a program called BlueCoat Proxy installed on my school issued laptop that basically blocks every second website on the Internet, including stack exchange, YouTube and yahoo answers. I do not have administrator rights, nor can I delete anything in program files, I tried every possible method of obtaining admin rights. It is not accessible in task manager (it doesn't even appear there). I tried to close it with Windows command prompt through commands like 'taskkill' but it returns 'Access is Denied' (I'm only denied access with that program). Does anyone know a method of crashing a program with a batch file or VB program? I was thinking something like the ping command, though for a program. Maybe automating 1000 meaningless requests to the program? Your input on the subject matter is appreciated, however telling me that this is wrong or illegal is not.

    Read the article

  • accessing a web server from the LAN and WAN

    - by jessh
    My router does not support loopback. In order to view a webpage on my server, I either have to type in the local ip (192.168.1.201), or be on another network. What are my options for making this easier? Here are some possible things: Route all web traffic through an external proxy (seems to be overkill) Run my own DNS server (where to start?!) Buy a new router that supports loopback. Surely there is another way that I can use my laptop on the LAN and the WAN by typing in my domain more easily than these solutions.

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 94 95 96 97 98 99 100 101 102 103 104 105  | Next Page >