Django

Ticket #4437 (closed: fixed)

Opened 1 year ago

Last modified 1 year ago

Apache auth recipe does not work in Apache 2.2

Reported by: Paul Bx <pb@e-scribe.com>
Assigned to: nobody
Milestone:
Component: Documentation
Version: 0.96
Keywords:
Cc:
Triage Stage: Ready for checkin
Has patch: 1
Needs documentation: 0
Needs tests: 0
Patch needs improvement: 0

Description

I'm still sorting this out, but I believe that changes in Apache 2.2 have broken the auth recipe here: http://www.djangoproject.com/documentation/apache_auth/

The error produced is Internal error: pcfg_openfile() called with NULL filename.

A bit of information on the changes (along with a suggestion for a related change) is here: https://issues.apache.org/jira/browse/MODPYTHON-169

Attachments

apache_auth.diff (0.6 kB) - added by Paul <pb@e-scribe.com> on 06/05/07 05:30:41.
apache_auth.2.diff (1.1 kB) - added by pb@e-scribe.com on 06/16/07 15:31:23.
revised patch

Change History

06/01/07 21:19:21 changed by anonymous

  • needs_better_patch changed.
  • needs_tests changed.
  • needs_docs changed.

That MODPYTHON-169 issue is not really relevant to the problem.

What you probably need to do is simply add:

AuthBasicAuthoritative Off

to your Apache configuration.

This tells Apache that it is okay for Apache not to perform the actual basic authorisation and for it to be handed off to the authenhandler() supplied by mod_python without complaint.

For more details see:

http://httpd.apache.org/docs/2.2/mod/mod_auth_basic.html

06/05/07 05:28:59 changed by Paul <pb@e-scribe.com>

  • has_patch set to 1.

OK, that's correct, thanks. I'll attach a documentation patch.

06/05/07 05:30:41 changed by Paul <pb@e-scribe.com>

  • attachment apache_auth.diff added.

06/05/07 07:48:15 changed by Simon G. <dev@simon.net.nz>

  • stage changed from Unreviewed to Ready for checkin.

06/05/07 10:04:46 changed by Paul Bx <pb@e-scribe.com>

For what it's worth, even though the above change did get auth functioning as noted, I just noticed that I'm still getting those

Internal error: pcfg_openfile() called with NULL filename

errors in my Apache log on every request. The documentation patch is probably still a good idea, but someone else will have to chime in on whether that's sufficient for error-free operation or not. I'm out of troubleshooting time for now and don't want to turn this ticket into a help thread.

06/05/07 18:32:42 changed by anonymous

The full list of such directives is:

AuthBasicAuthoritative
AuthDefaultAuthoritative
AuthzLDAPAuthoritative
AuthzDBMAuthoritative
AuthzDefaultAuthoritative
AuthzGroupFileAuthoritative
AuthzOwnerAuthoritative
AuthzUserAuthoritative

Which you actually have to turn Off depends a bit on which authentication/authorisation features of Apache you are using. Since you didn't actually provide your Apache configuration snippet I made a guess, but likely you need one of the others. As a second guess I would say:

AuthzGroupFileAuthoritative Off

If updating Django documentation, just make sure you are quite specific that these are Apache 2.2 options as they do not exist in Apache 2.0.
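
An added example, not part of the ticket or of Django's documentation: a small Python check that scans an Apache configuration for flat <Location>/<Directory> blocks using PythonAuthenHandler and reports which of the directives listed above each block turns Off. The sample configuration, the handler module name mysite.authhandler and the function names are constructed for illustration.

```python
import re
# Directive names as listed in the ticket comment above (Apache 2.2 only).
AUTHORITATIVE = {n.lower(): n for n in (
    "AuthBasicAuthoritative AuthDefaultAuthoritative AuthzLDAPAuthoritative "
    "AuthzDBMAuthoritative AuthzDefaultAuthoritative AuthzGroupFileAuthoritative "
    "AuthzOwnerAuthoritative AuthzUserAuthoritative").split()}

# Constructed sample; locations and the handler module name are placeholders.
SAMPLE_CONF = """
<Location /old/>
    AuthType Basic
    Require valid-user
    PythonAuthenHandler mysite.authhandler
</Location>
<Location /new/>
    AuthType Basic
    AuthBasicAuthoritative Off
    Require valid-user
    PythonAuthenHandler mysite.authhandler
</Location>
<Location /static/>
    Options -Indexes
</Location>
"""

OPEN = re.compile(r"<(?:Location|Directory)\s+([^>]+)>", re.I)
CLOSE = re.compile(r"</(?:Location|Directory)>", re.I)

def audit(conf):
    """Map each flat block using PythonAuthenHandler to the directives it sets Off."""
    results, path, body = {}, None, []
    for line in (raw.strip() for raw in conf.splitlines()):
        if not line or line.startswith("#"):
            continue
        opened = OPEN.match(line)
        if opened:
            path, body = opened.group(1).strip().strip('"'), []
        elif path is not None and CLOSE.match(line):
            words = [entry.split() for entry in body]
            if any(w[0].lower() == "pythonauthenhandler" for w in words):
                results[path] = sorted(AUTHORITATIVE[w[0].lower()] for w in words
                    if w[0].lower() in AUTHORITATIVE and w[-1].lower() == "off")
            path = None
        elif path is not None:
            body.append(line)
    return results

def missing_handoff(conf):
    # Blocks where mod_python authenticates but no listed directive is Off.
    return [p for p, off in audit(conf).items() if not off]
```

A block reported by missing_handoff() only shows that none of the listed directives is Off there; which one is actually needed still depends on the Apache auth features in use, as the comment above says.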

06/10/07 01:46:18 changed by mtredinnick

  • needs_better_patch set to 1.
  • stage changed from Ready for checkin to Accepted.

Probably a bit optimistic to call this ready for checkin now, in light of comment 5. Let's improve the patch a bit first.

06/16/07 15:03:46 changed by pb@e-scribe.com

OK, here's a revised patch that reflects my current understanding of the issue.

06/16/07 15:31:23 changed by pb@e-scribe.com

  • attachment apache_auth.2.diff added.

revised patch

06/17/07 11:50:28 changed by anonymous

  • needs_better_patch deleted.

With hopefulness I'm unchecking the "patch needs improvement" box, but I'd appreciate some review to ensure I've explained things correctly.

(follow-up: ↓ 11 ) 06/17/07 17:45:01 changed by SmileyChris

  • stage changed from Accepted to Ready for checkin.

We should be more authoritative and actually tell people which to turn off rather than just a vague "turn off some of these". This will need someone doing some testing obviously.

For now, it's probably worth just checking this in so that people have something to refer to in the docs and then opening another ticket.

06/17/07 18:39:16 changed by mtredinnick

More in the "note to self" department for when it comes time to check this in: adding a link to the Apache issue article Paul referred to initially is worthwhile.

(in reply to: ↑ 9 ) 06/17/07 21:33:59 changed by anonymous

Replying to SmileyChris:

We should be more authoritative and actually tell people which to turn off rather than just a vague "turn off some of these". This will need someone doing some testing obviously.

My understanding is that which of those off-directives you need to include depends on which auth modules you have loaded in your httpd.conf; but this is one of those details I was hoping for some confirmation on.

09/15/07 13:52:29 changed by jacob

  • status changed from new to closed.
  • resolution set to fixed.

(In [6309]) Fixed #4437: added notes to the modpython auth handler documentation about using the handler with Apache 2.2. Thanks to Paul Bissex for the beginnings of the patch, and Graham Dumpleton for the rest of the info.

