Re: Https user auth?
Date: Mon, 18 Dec 2000 17:06:41 -0600
Apologies if someone's already responded - I usually get these a little later than most...
My first guess would be that your web server is expecting NTLM authentication, or possibly no authentication.
To verify: I'd try the same request, but remove the -u parm, and add a -v (verbose). You should get back some headers that say which authentication methods are accepted for this URL - perhaps BASIC or NTLM. If you don't see Basic listed, you can't use Basic authentication (the -u option) to access that url.
If the server is yours, you could check the event log to see if there are any security violations that would point you in the right direction...
>>> Erik Parker <eparker_at_mindsec.com> 12/18/00 4:23 PM >>>
curl -u username:pass -A "Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)" https://secure.domain.com/subdir/file.txt
Strangely using this doesn't work. If I use IE to the same url, same
User/pass, works just fine.
The remote server is running IIS.. I don't know anything more about it
really, except that if it were Apache, I bet it'd work.
IIS gives the error "HTTP 401.3 - Access denied by ACL on resource"
* SSL connection using EXP1024-RC4-SHA
* Server certificate:
* issuer: /C=US/O=RSA Data Security, Inc./OU=Secure Server
* Connected to secure.domain.com (#.#.#.#)
> GET /subdir/file.txt HTTP/1.0
Authorization: Basic aGVscG15Ym9va3NcYWVsaXg6YWVsaXg=
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, */*
An armed society, is a polite society.
Received on 2000-12-19