credential files

mark m.roth2006 at rcn.com
Thu Jul 31 12:46:31 UTC 2008 

Chet Nichols III wrote:
> On Wed, Jul 30, 2008 at 4:41 PM, <m.roth2006 at rcn.com> wrote:
>
>> Does anyone have any idea how a browser recognizes that a cite is asking
>> for a credential file, and hands it back to it?
>>
>> For example, I go to a site, and firefox suddenly says "this sites wants a
>> credential - is this the credential that you want to give it?" I've used a
>> plugin that shows me http headers and responses, and see nothing where that
>> happens.
>>
>> Links? Pointers? Clues for the poor?
c
> It almost sounds like it's a site you previously visited and used HTTP basic
> authentication to access, and hit a checkbox to 'remember this information'.
> So, you're visiting it again, Firefox goes "oh cool I have this login
> information from the last time", and asks if you want to use the previous
> information.. meaning, it's just something stored client side. If you hit
> "yes", it will send an Authentication: Basic <base64-coded-login> header
> along with the request.
> Do you see any of that, or think that might be what's going on? Talk to you
> soon!

No, There's no way for me to use the login information again (and I *never* do
that, anyway, I *always* type my password in, even on my system at home).

It's *way* more complicated than that. I'm going through the corporate security
platform, that uses IBM's WebSEAL, part of Tivoli. What I'm trying to do is run
a perl script to grab the rss feed from our group's website. I've got a
credential - a .pfx file - and I'm trying to hand it to WebSEAL the same way
that my browser does. There is ZERO information in IBM's online docs for
WebSEAL for what the *client* needs to hand it, and how to hand it. All they've
got is how to configure the server side (which I have utterly no control or
visibility into, though I'm trying to get some log entries from the guy who
does handle it).

So what I was doing was watching my browser's interaction going to the site,
and looking for requests for credentials. I don't see anything that I can
identify as such.

I reiterate: *bleah*

	mark

More information about the redhat-list mailing list