9
votes

I'm trying to access a protected file. Server is using digest authentication - which I can see from the printed out response. Here is the sample code:

use LWP;
use strict;

my $url = 'http://somesite.com/aa/bb/cc.html';
my $username = 'scott';
my $password = 'tiger';

my $browser = LWP::UserAgent->new('Mozilla');
$browser->credentials("http://somesite.com:80","realm-name",$username=>$password);
my $response=$browser->get($url);

print $response->content;

Name of the realm I got it from the popup window I get when I try to access that resource from the browser. Same username and password are working extremely fine in the browser and I'm able to see the content but when I run the above script it always says 401 Authorization required.

How does LWP work?

Do I need to ask LWP to send MD5 hash (digest) of the username and password or is it like internally it checks which authentication to use and sends the corresponding (basic/digest) way of sending credentials. My questions are

  1. How can I set LWP so that it sends digest of username and password?
  2. What if the server is using windows NTLM authentication protocol? How should I go about in such a situation?

any quick help is highly appreciated !

4
Try to remove port number from "http://somesite.com:80".Ivan Nevostruev
It's not port but http:// should be removed - thanks IvanRam

4 Answers

18
votes

Consider the following excerpt from the LWP::UserAgent module's documentation:

$ua->credentials( $netloc, $realm )
$ua->credentials( $netloc, $realm, $uname, $pass )

Get/set the user name and password to be used for a realm.

The $netloc is a string of the form "<host>:<port>". The username and password will only be passed to this server. Example:

$ua->credentials("www.example.com:80", "Some Realm", "foo", "secret");

Change

$browser->credentials("http://somesite.com:80","realm-name",$username=>$password);

to

$browser->credentials("somesite.com:80","realm-name",$username=>$password);
12
votes

HTTP GET Authed Request can also be done as follows

use LWP::UserAgent;

my $address = "localhost";
my $port = "8080";
my $username = "admin";
my $pass = "password";

my $browser = LWP::UserAgent->new;
my $req =  HTTP::Request->new( GET => "http://$address:$port/path");
$req->authorization_basic( "$username", "$pass" );
my $page = $browser->request( $req );
3
votes

When you have these sorts of issues, use an HTTP sniffer to watch the transaction so you can see the headers your program is sending. In this case, you're probably not sending the credentials at all since the HTTP status is 401 instead of 403. That usually means you've made a mistake with the credentials, as gbacon notes in his answer.

0
votes

I solved this by installing perl-NTLM.noarch on Red Hat 7.