Opened 18 years ago
Closed 17 years ago
#4437 closed (fixed)
Apache auth recipe does not work in Apache 2.2
Reported by: | Owned by: | nobody | |
---|---|---|---|
Component: | Documentation | Version: | 0.96 |
Severity: | Keywords: | ||
Cc: | Triage Stage: | Ready for checkin | |
Has patch: | yes | Needs documentation: | no |
Needs tests: | no | Patch needs improvement: | no |
Easy pickings: | no | UI/UX: | no |
Description
I'm still sorting this out, but I believe that changes in Apache 2.2 have broken the auth recipe here: http://www.djangoproject.com/documentation/apache_auth/
The error produced is Internal error: pcfg_openfile() called with NULL filename
.
A bit of information on the changes (along with a suggestion for a related change) is here: https://issues.apache.org/jira/browse/MODPYTHON-169
Attachments (2)
Change History (14)
comment:1 by , 18 years ago
comment:2 by , 18 years ago
Has patch: | set |
---|
OK, that's correct, thanks. I'll attach a documentation patch.
by , 18 years ago
Attachment: | apache_auth.diff added |
---|
comment:3 by , 18 years ago
Triage Stage: | Unreviewed → Ready for checkin |
---|
comment:4 by , 18 years ago
For what it's worth, even though the above change did get auth functioning as noted, I just noticed that I'm still getting those
Internal error: pcfg_openfile() called with NULL filename
errors in my Apache log on every request. The documentation patch is probably still a good idea, but someone else will have to chime in on whether that's sufficient for error-free operation or not. I'm out of troubleshooting time for now and don't want to turn this ticket into a help thread.
comment:5 by , 18 years ago
The full list of such directives is:
AuthBasicAuthoritative
AuthDefaultAuthoritative
AuthzLDAPAuthoritative
AuthzDBMAuthoritative
AuthzDefaultAuthoritative
AuthzGroupFileAuthoritative
AuthzOwnerAuthoritative
AuthzUserAuthoritative
Which you actually have to turn Off depends a bit on which authentication/authorisation features of Apache you are using. Since you didn't actually provide your Apache configuration snippet I made a guess, but likely you need one of the others. As a second guess I would say:
AuthzGroupFileAuthoritative Off
If updating Django documentation, just make sure you are quite specific that these are Apache 2.2 options as they do not exist in Apache 2.0.
comment:6 by , 18 years ago
Patch needs improvement: | set |
---|---|
Triage Stage: | Ready for checkin → Accepted |
Probably a bit optimistic to call this ready for checkin now, in light of comment 5. Let's improve the patch a bit first.
comment:7 by , 17 years ago
OK, here's a revised patch that reflects my current understanding of the issue.
comment:8 by , 17 years ago
Patch needs improvement: | unset |
---|
With hopefulness I'm unchecking the "patch needs improvement" box, but I'd appreciate some review to ensure I've explained things correctly.
follow-up: 11 comment:9 by , 17 years ago
Triage Stage: | Accepted → Ready for checkin |
---|
We should be more authoritative and actually tell people which to turn off rather than just a vague "turn off some of these". This will need someone doing some testing obviously.
For now, it's probably worth just checking this in so that people have something to refer to in the docs and then opening another ticket.
comment:10 by , 17 years ago
More in the "note to self" department for when it comes time to check this in: adding a link to the Apache issue article Paul referred to initially is worthwhile.
comment:11 by , 17 years ago
Replying to SmileyChris:
We should be more authoritative and actually tell people which to turn off rather than just a vague "turn off some of these". This will need someone doing some testing obviously.
My understanding is that which of those off-directives you need to include depends on which auth modules you have loaded in your httpd.conf; but this is one of those details I was hoping for some confirmation on.
comment:12 by , 17 years ago
Resolution: | → fixed |
---|---|
Status: | new → closed |
That MODPYTHON-169 issue is not really relevant to the problem.
What you probably need to do is simply add:
to your Apache configuration.
This tells Apache that it is okay for Apache not to perform the actual basic authorisation and for it to be handed off to the authenhandler() supplied by mod_python without complaint.
For more details see: