Opened 17 years ago

Closed 17 years ago

#4437 closed (fixed)

Apache auth recipe does not work in Apache 2.2

Reported by: Paul Bx <pb@…> Owned by: nobody
Component: Documentation Version: 0.96
Severity: Keywords:
Cc: Triage Stage: Ready for checkin
Has patch: yes Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: no UI/UX: no

Description

I'm still sorting this out, but I believe that changes in Apache 2.2 have broken the auth recipe here: http://www.djangoproject.com/documentation/apache_auth/

The error produced is Internal error: pcfg_openfile() called with NULL filename.

A bit of information on the changes (along with a suggestion for a related change) is here: https://issues.apache.org/jira/browse/MODPYTHON-169

Attachments (2)

apache_auth.diff (658 bytes ) - added by Paul <pb@…> 17 years ago.
apache_auth.2.diff (1.1 KB ) - added by pb@… 17 years ago.
revised patch

Download all attachments as: .zip

Change History (14)

comment:1 by anonymous, 17 years ago

That MODPYTHON-169 issue is not really relevant to the problem.

What you probably need to do is simply add:

AuthBasicAuthoritative Off

to your Apache configuration.

This tells Apache that it is okay for Apache not to perform the actual basic authorisation and for it to be handed off to the authenhandler() supplied by mod_python without complaint.

For more details see:

http://httpd.apache.org/docs/2.2/mod/mod_auth_basic.html

comment:2 by Paul <pb@…>, 17 years ago

Has patch: set

OK, that's correct, thanks. I'll attach a documentation patch.

by Paul <pb@…>, 17 years ago

Attachment: apache_auth.diff added

comment:3 by Simon G. <dev@…>, 17 years ago

Triage Stage: UnreviewedReady for checkin

comment:4 by Paul Bx <pb@…>, 17 years ago

For what it's worth, even though the above change did get auth functioning as noted, I just noticed that I'm still getting those

Internal error: pcfg_openfile() called with NULL filename

errors in my Apache log on every request. The documentation patch is probably still a good idea, but someone else will have to chime in on whether that's sufficient for error-free operation or not. I'm out of troubleshooting time for now and don't want to turn this ticket into a help thread.

comment:5 by anonymous, 17 years ago

The full list of such directives is:

AuthBasicAuthoritative
AuthDefaultAuthoritative
AuthzLDAPAuthoritative
AuthzDBMAuthoritative
AuthzDefaultAuthoritative
AuthzGroupFileAuthoritative
AuthzOwnerAuthoritative
AuthzUserAuthoritative

Which you actually have to turn Off depends a bit on which authentication/authorisation features of Apache you are using. Since you didn't actually provide your Apache configuration snippet I made a guess, but likely you need one of the others. As a second guess I would say:

AuthzGroupFileAuthoritative Off

If updating Django documentation, just make sure you are quite specific that these are Apache 2.2 options as they do not exist in Apache 2.0.

comment:6 by Malcolm Tredinnick, 17 years ago

Patch needs improvement: set
Triage Stage: Ready for checkinAccepted

Probably a bit optimistic to call this ready for checkin now, in light of comment 5. Let's improve the patch a bit first.

comment:7 by pb@…, 17 years ago

OK, here's a revised patch that reflects my current understanding of the issue.

by pb@…, 17 years ago

Attachment: apache_auth.2.diff added

revised patch

comment:8 by anonymous, 17 years ago

Patch needs improvement: unset

With hopefulness I'm unchecking the "patch needs improvement" box, but I'd appreciate some review to ensure I've explained things correctly.

comment:9 by Chris Beaven, 17 years ago

Triage Stage: AcceptedReady for checkin

We should be more authoritative and actually tell people which to turn off rather than just a vague "turn off some of these". This will need someone doing some testing obviously.

For now, it's probably worth just checking this in so that people have something to refer to in the docs and then opening another ticket.

comment:10 by Malcolm Tredinnick, 17 years ago

More in the "note to self" department for when it comes time to check this in: adding a link to the Apache issue article Paul referred to initially is worthwhile.

in reply to:  9 comment:11 by anonymous, 17 years ago

Replying to SmileyChris:

We should be more authoritative and actually tell people which to turn off rather than just a vague "turn off some of these". This will need someone doing some testing obviously.

My understanding is that which of those off-directives you need to include depends on which auth modules you have loaded in your httpd.conf; but this is one of those details I was hoping for some confirmation on.

comment:12 by Jacob, 17 years ago

Resolution: fixed
Status: newclosed

(In [6309]) Fixed #4437: added notes to the modpython auth handler documentation about using the handler with Apache 2.2. Thanks to Paul Bissex for the beginnings of the patch, and Graham Dumpleton for the rest of the info.

Note: See TracTickets for help on using tickets.
Back to Top