Moodle

NTLM authentication incorrectly reports automated login failure when login is successful

Details

  • Type: Sub-task
  • Status: Closed
  • Priority: Minor
  • Resolution: Fixed
  • Affects Version/s: 1.9
  • Fix Version/s: 1.9.5, 2.0
  • Component/s: Authentication
  • Labels:
    None
  • Environment:
    windows 2000, Apache 2.2.8, Postgresql 8.3.1, PHP 5.2.5, Moodle 1.9 latest
  • Affected Branches:
    MOODLE_19_STABLE
  • Fixed Branches:
    MOODLE_19_STABLE, MOODLE_20_STABLE

Description

The automated login routine starts; after a few seconds (less than 10) the automated login failed message is displayed, then the user is presented with the login screen. Meanwhile, the login was actually successful and at the top left of the login screen the message "You are logged in as Username (logout)" is displayed.

I have extended the time out figure from 3 to 30 seconds and still get this result on many occasions (a few successfully identify the login succeeded), yet clearly the login process is completing successfully in much less time than this.

When NTLM authentication was not part of the core it always identified correctly whether the login had succeeded or not.

Now the situation is very confusing for users, who are consistently successfully logging in automatically whilst being told their login has failed!

Is it not possible to correct the testing used so that successful logins are correctly identified?

Kind regards

Johnathan Kemp

Activity

Iñaki Arenaza added a comment -

Petr,

This issue is being discussed at http://moodle.org/mod/forum/discuss.php?d=92341 so you might be interested in keeping an eye on it.

Saludos. Iñaki

Johnathan Kemp added a comment - edited

I have tried the patches posted by Iñaki on the 27th and 29th March and located in the discussion thread mentioned above.

In the scenario I am referring to the login process is allowed to continue to a conclusion, without user intervention, i.e. at no time is the "continue" link used.

When left to complete without user intervention I am still getting an automated login failure message, leading eventually to a screen that displays the user login form whilst also stating at the top right that the user is logged in.

This issue is not resolved by either patch.

I appreciate your attempts to try to resolve this matter but we are not there yet.

Kind regards

Johnathan

Charlie Owen (SonniesEdge) added a comment -

We are also experiencing this problem on the latest 1.9.2+ build.

It DOESN'T occur if we turn on dbsessions (but turning them on unfortunately puts a massive strain on our MySQL server).

Using Ubuntu 8.04, Apache2, MySQL5, PHP5 and mod_ntlm.

Charlie Owen (SonniesEdge) added a comment -

After a bit more research we found out that it is eAccelerator in combination with dbsessions disabled that is causing this.

Charlie Owen (SonniesEdge) added a comment -

It seems that every time the false negative occurs it is because $cf[$key] is not being set. Not too sure why yet.

Iñaki Arenaza added a comment -

This should be fixed in the latest CVS version of 1.9 and HEAD.

Saludos. Iñaki.

Johnathan Kemp added a comment -

I have just updated my test server using the CVS from 18th Feb 2009 and I can confirm that the automated login routine now both successfully logs you in AND then redirects to the site home page.

Many thanks to all involved for getting this fixed.

Johnathan

