Post Reply 
 
Thread Rating:
  • 0 Votes - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Basic auth failing
2017-07-12, 08:14
Post: #1
Basic auth failing
Hello,

I've been trying to download a file from a server. My code is working fine as long as I do not request for an authentication. However, that is not what I want.

I use this code to download the file (using a restful API):
Code:
chain http://${username:uristring}:${password:uristring}@10.1.2.220:8080/ufws/users/${username:uristring}
I read somewhere that when using basic auth, iPXE first try to download the file without using the credentials, but if the server return a 401 error code, then iPXE try to download it using them. After many tests and checking the logs, I came to the conclusion that it was not working this way (at least in my case). iPXE only tries to download the file once and it does not use the credentials I give to it.

To make sure of that, I did a test on another apache server on which I put this code:
Code:
<?php
http_response_code(401);
?>
When doing a chain request on it (using credentials), this is what I have in the logs:
Code:
10.0.0.104 - - [12/Jul/2017:09:06:23 +0200] "GET /test.php HTTP/1.1" 401 - "-" "iPXE/1.0.0+ (dc795b9f)"
As you can see, it only tries once. There is only one request.

So I thought it was coming form the version of iPXE I was using. But I've tried with four different versions (the oldest one being from 2015 and the more recent one being the latest on git) and it is always the same.

I've tried mainly on qemu by using this command:
Code:
qemu-kvm -m 1024 ipxe.iso
I have also done some tests on VirtualBox.

I do not have anymore idea. Can someone helps me on this, please?
Find all posts by this user
Quote this message in a reply
2017-07-12, 17:39
Post: #2
RE: Basic auth failing
When iPXE outputs errors it always gives an message and link to ipxe.org, Please always provide this information when asking for help since it makes it easier to track down what is going wrong and where.

I think you also need a WWW-Authenticate header

Even wikipedia has relevant information https://en.wikipedia.org/wiki/Basic_acce...entication

And from the relevant RFC: https://tools.ietf.org/html/rfc7235#section-3.1

Quote:The 401 (Unauthorized) status code indicates that the request has not
been applied because it lacks valid authentication credentials for
the target resource. The server generating a 401 response MUST send
a WWW-Authenticate header field
(Section 4.1) containing at least one
challenge applicable to the target resource.

Read FAQ before first post!
Are relevant ipxe.org error urls and PCIIDs included?
Visit this user's website Find all posts by this user
Quote this message in a reply
2017-07-13, 14:58
Post: #3
RE: Basic auth failing
Thank you for your answer and your help.

You are right, I did not post any error code. However, the reason is that I don't have any error code. I disabled the authentication on my server (so that I can realize some tests in a faster way). I just check in the logs if the users is "unknown" or "guest". When the user is "unknown" then this means that the identification failed.

While waiting for your response, I did further tests. I've tried again by using the embedded ipxe that VirtualBox has. Surprisingly it works. But I still don't understand why it is not working on the various ipxe.iso I used before.

This also means that the problem is not coming from my server, but from the ipxe.iso I used.

Do I need to do something particular when generating the ipxe.iso? Do I need to add a parameter or something?

Again, thanks for your help.
Find all posts by this user
Quote this message in a reply
2017-07-13, 17:11
Post: #4
RE: Basic auth failing
(2017-07-13 14:58)tim Wrote:  This also means that the problem is not coming from my server, but from the ipxe.iso I used.

Your issue most likely is that your PHP code is not RFC compliant.
Check which versions is used by vbox and your iso.
And then post the actual error message that you get from iPXE,

guessing what actually happens is not wisely spent time Wink

Read FAQ before first post!
Are relevant ipxe.org error urls and PCIIDs included?
Visit this user's website Find all posts by this user
Quote this message in a reply
Post Reply 




User(s) browsing this thread: 1 Guest(s)