Closed Bug 48047 Opened 25 years ago Closed 24 years ago

M16 and M17 won't talk to our intranet Web server (no username/password prompt)

Categories

(Core :: Networking: HTTP, defect, P3)

Product:
Core
Component:
Networking: HTTP
Platform:
x86
Windows 98
Type:
defect

Tracking

()

Status:
VERIFIED DUPLICATE of bug 44041
Milestone:
Future

People

(Reporter: torbjorn, Assigned: gagan)

Details

(I've somewhat presumptously labelled this as "blocker" because it's what keeps me from using Mozilla on a daily basis. I'm not sure if "Single Signon" is the correct component either, but it's my best guess.) At some point after M15, Mozilla stopped talking to our intranet Web server. Other non-Microsoft Web servers such as Netscape 4, Emacs/W3, Mozilla M15, etc. prompt for username and password, which leads me to believe that the problem isn't with the Web server. At least not completely. Mozilla M16 and M17 "think" for a fraction of a second, and then nothing. Just a "Document: Done (0.38 secs)" or some such in the status field. Whatever page it was displaying before remains unchanged. I wish I could write a better bug report than this - I really do - but I haven't the faintest clue on how to go about debugging this. Sorry.
It's not single signon. Sounds like it's probably networking. Reassigning.
Assignee: morse → gagan
Component: Single Signon → Networking
QA Contact: sairuh → tever
I've seen problems with <input type="login"> <input type="password"> not being passed back in forms on win 95. I was presuming it was bad html, maybe not, maybe it's relevant to this. If I have time I'll try and create a testcase.
Well, I've just filed bug 48181, which produces similar symptoms on my intranet site. You might want to take a look, just in case. Otherwise, I'll shut up.
Can you please download a newer build (either M18 or a daily) and test again. Also, could you give a bit more information on what type of login this is?
I tried downloading the version in the 2000-08-08-21-M18 directory a few days ago, and that one definitely has the same problem. I tried 2000-08-11-09-M18 today, and it seems to have the same problem. (It's hard to say for certain because it keeps crashing on me when I enter an URL by hand.) As for what type of login... I'm afraid I don't know what types there are. I asked a friend here who told me that the local Web server is IIS running on NT 4 (probably service pack 3 or 5). According to the settings, the authentication methods being used are "Basic Authentication (Password is sent in Clear Text)" and "Windows NT Challenge/Response". Is that of any help, or is there other information I should look for?
torbjorn@dev.eurotime.se - do you think you are you hitting bug 44041? Gerv
I suppose it could be related to bug 44041, yes. While I don't fully understand what that one is about, I do seem to get multiple WWW-Authenticate headers. Based on the comments to that bug, I tried: telnet> open iw 80 Trying 192.168.16.18... Connected to iw.saffle. Escape character is '^]'. HEAD / HTTP/1.0 HTTP/1.1 401 Access Denied WWW-Authenticate: NTLM WWW-Authenticate: Basic realm="192.168.16.18" Content-Length: 644 Content-Type: text/html Earlier today, before even reading the previous comment, I tried accessing the page using Lynx. Before prompting for username and password it complained: Alert!: Invalid header 'WWW-Authenticate: NTLM' Alert!: Access without authorization denied -- retrying
So are you saying that (if Lynx complains as well) you have a pants intranet webserver, or is there more to it than that? I've added a dependency rather than marked this as a dupe. Gerv
Depends on: 44041
("Pants" is a new idiom to me, but I've tentatively decided that it means "****".) I don't know. I don't know enough of the interaction between client and server. I've skimmed through parts of RFC 2616 and 2617, and it seems to me that the server is allowed to send more than one WWW-Authenticate header. NTLM is probably the "Windows NT Challenge/Response" thing. (Is that what allows IE to access the pages without prompting for username/password?) What little information I've found about NTLM that I've actually understood suggests that it isn't part of any HTTP standard, and that it may actually violate the specified syntax for the header. (For some reason, that wouldn't surprise me one bit.) If so, the question is what the browser should do if the first WWW-Authenticate header it sees is gibberish. Should it stop there, or should it check if there are any others that make more sense? (As I mentioned above, other browsers I've tried - including earlier versions of Mozilla - prompt for username/password, so they seem to do the latter.) I'm sure you know a lot more about the issues involved here than I could hope to learn in the near future, so I'll leave these questions to you.
I've found out as much as I can about this for you, gagan - time for you to have a look at this :-) Confirming. Gerv
Status: UNCONFIRMED → NEW
Ever confirmed: true
This seems to dublicate 44041 (in principle, anyway), as this is exactly the problem I was having, with the "pants" web server IIS/NT4 "Basic vs. Challenge auth". If this isn't a dup, sorry for the spam, but if it is, you might want to "close as dup".
Target Milestone: --- → Future
dup *** This bug has been marked as a duplicate of 44041 ***
Status: NEW → RESOLVED
Closed: 24 years ago
Resolution: --- → DUPLICATE
verif. DUP
Status: RESOLVED → VERIFIED
Component: Networking → Networking: HTTP
QA Contact: tever → httpqa
No longer depends on: 44041
You need to log in before you can comment on or make changes to this bug.