Re: credential files

Chet Nichols III wrote:
On Wed, Jul 30, 2008 at 4:41 PM, <m.roth2006@xxxxxxx> wrote:

Does anyone have any idea how a browser recognizes that a cite is asking
for a credential file, and hands it back to it?

For example, I go to a site, and firefox suddenly says "this sites wants a
credential - is this the credential that you want to give it?" I've used a
plugin that shows me http headers and responses, and see nothing where that
happens.

Links? Pointers? Clues for the poor?
c
It almost sounds like it's a site you previously visited and used HTTP basic
authentication to access, and hit a checkbox to 'remember this information'.
So, you're visiting it again, Firefox goes "oh cool I have this login
information from the last time", and asks if you want to use the previous
information.. meaning, it's just something stored client side. If you hit
"yes", it will send an Authentication: Basic <base64-coded-login> header
along with the request.
Do you see any of that, or think that might be what's going on? Talk to you
soon!

No, There's no way for me to use the login information again (and I *never* do
that, anyway, I *always* type my password in, even on my system at home).

It's *way* more complicated than that. I'm going through the corporate security
platform, that uses IBM's WebSEAL, part of Tivoli. What I'm trying to do is run
a perl script to grab the rss feed from our group's website. I've got a
credential - a .pfx file - and I'm trying to hand it to WebSEAL the same way
that my browser does. There is ZERO information in IBM's online docs for
WebSEAL for what the *client* needs to hand it, and how to hand it. All they've
got is how to configure the server side (which I have utterly no control or
visibility into, though I'm trying to get some log entries from the guy who
does handle it).

So what I was doing was watching my browser's interaction going to the site,
and looking for requests for credentials. I don't see anything that I can
identify as such.

I reiterate: *bleah*

mark

--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list

Relevant Pages

  • Re: One user getting HTTP 401.1 error
    ... We've had odd cases where users can't access with IE but can with Firefox ... Contact the Web site administrator if you believe you should be able to ... Click the Refresh button to try again with different credentials. ... (nobody can access SharePoint from that computer, ...
    (microsoft.public.sharepoint.windowsservices)
  • Re: How to redirect after setting session?
    ... > credentials, then clicks submit, the redirect fails with "Cannot find ... I've noticed this behavior occurs in Firefox every time - even the first ...
    (comp.lang.php)
  • Integrated Windows Authentication for Gecko-based browsers
    ... latest versions of Gecko-based browsers (Netscape 7.2, Mozilla 1.7, Firefox) ... now prompt for user's credentials. ...
    (microsoft.public.inetserver.iis.security)
  • Re: Firefox issue
    ... When trying to access an intranet with firefox, ... I usually type "ntlm" in the filter as there are only ... will usually pass the credentials but unfortunately it ... I have days where it doesn't fail ...
    (microsoft.public.windows.server.sbs)
  • Several persistent XSS and CSRF on Wireless-G ADSL Gateway with SpeedBooster (WAG54GS)
    ... there are still several other persistent XSS plus the system-wide CSRF ... the router's HTTP interface are vulnerable to Cross-site Request ... the administrator hasn't changed the default credentials (admin/admin) ... "Administration" page inaccessible since 'history.back' will run ...
    (Bugtraq)