You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@httpd.apache.org by Maxime Petazzoni <ma...@bulix.org> on 2005/10/26 01:49:15 UTC
[PATCH] Multiple AuthUserFile support
Hi,
In the light of the issue reported by noodl at
http://eul0000113.eu.verio.net/~noodl/apache_issues.txt I decided to
implement multiple AuthUserFile support.
The behavior is the same as for a single AuthUserFile : the first line
matching the username is used, regardless of what's coming next.
The attached patch is against current httpd trunk (r328504), compiles
without warnings and has been tested successfully on my local Apache
build (Gcc 4.0.2, apr and apr-util from trunk, too).
** Since this is security related, and since I changed a little bit
the way check_password returns, I would be very pleased if this point
could be reviewed with particular attention. **
Regards,
- Sam
--
Maxime Petazzoni (http://www.bulix.org)
-- gone crazy, back soon. leave message.
Re: [PATCH] Multiple AuthUserFile support
Posted by Graham Leggett <mi...@sharp.fm>.
Maxime Petazzoni wrote:
> You're right. But I don't think everybody as such an extensive
> knowledge of the authentication configuration. The example you gave
> may look simple to you, but I believe adding multiple AuthUserFile
> lines to a "classic" Basic Auth configuration schema is a lot more
> intuitive :
>
> AuthType Basic
> AuthName "Developpement HTTPd server"
> AuthUserFile /home/sam/.local/access.user
> AuthUserFile /home/sam/.local/access.user2
> Require valid-user
>
> Just my 2 ¢,
+1.
Regards,
Graham
--
Re: [PATCH] Multiple AuthUserFile support
Posted by Maxime Petazzoni <ma...@bulix.org>.
* Justin Erenkrantz <ju...@erenkrantz.com> [2005-10-25 17:05:57]:
> --On October 26, 2005 1:49:15 AM +0200 Maxime Petazzoni
> <ma...@bulix.org> wrote:
>
> >In the light of the issue reported by noodl at
> >http://eul0000113.eu.verio.net/~noodl/apache_issues.txt I decided to
> >implement multiple AuthUserFile support.
>
> I don't get it.
>
> mod_authn_alias is the solution here. Like so:
>
> ---
> <AuthnProviderAlias file foo>
> AuthUserFile conf/foo-user
> </AuthnProviderAlias>
>
> <AuthnProviderAlias file foo1>
> AuthUserFile conf/foo1-user
> </AuthnProviderAlias>
>
> AuthBasicProvider foo foo1
> ---
>
> So, I don't think extending AuthUserFile doesn't make sense; and the
> mod_authn_alias approach already works today... -- justin
You're right. But I don't think everybody as such an extensive
knowledge of the authentication configuration. The example you gave
may look simple to you, but I believe adding multiple AuthUserFile
lines to a "classic" Basic Auth configuration schema is a lot more
intuitive :
AuthType Basic
AuthName "Developpement HTTPd server"
AuthUserFile /home/sam/.local/access.user
AuthUserFile /home/sam/.local/access.user2
Require valid-user
Just my 2 ¢,
- Sam
--
Maxime Petazzoni (http://www.bulix.org)
-- gone crazy, back soon. leave message.
Re: [PATCH] Multiple AuthUserFile support
Posted by Justin Erenkrantz <ju...@erenkrantz.com>.
--On October 26, 2005 1:49:15 AM +0200 Maxime Petazzoni
<ma...@bulix.org> wrote:
> In the light of the issue reported by noodl at
> http://eul0000113.eu.verio.net/~noodl/apache_issues.txt I decided to
> implement multiple AuthUserFile support.
I don't get it.
mod_authn_alias is the solution here. Like so:
---
<AuthnProviderAlias file foo>
AuthUserFile conf/foo-user
</AuthnProviderAlias>
<AuthnProviderAlias file foo1>
AuthUserFile conf/foo1-user
</AuthnProviderAlias>
AuthBasicProvider foo foo1
---
So, I don't think extending AuthUserFile doesn't make sense; and the
mod_authn_alias approach already works today... -- justin