You are viewing a plain text version of this content. The canonical link for it is here.

Posted to modperl@perl.apache.org by Bolt Thrower <ty...@teiresias.net> on 2001/06/26 17:13:20 UTC

push_handlers and PerlAuthenHandler troubles [second try]

My apologies if you've seen this twice.

For a particular Location, I'd like to selectively (i.e., based on
arbitrary criteria) determine whether a visitor needs authentication.
So I set up a Location section in httpd.conf as follows:

<Location />
      AuthType Apache::AuthTicket
      AuthName HomeIntranet
      PerlAuthenHandler Intranet::CheckSiteAuthen
      #PerlAuthenHandler Apache::AuthTicket->authenticate
      PerlAuthzHandler Apache::AuthTicket->authorize
      require valid-user
</Location>

Intranet::CheckSiteAuthen looks like:

---[start]-----
package Intranet::CheckSiteAuthen;

use strict;
use DBI;
use Apache::Constants qw(:common);
use Intranet::common;

sub handler {
  my $r = shift;
  $r->warn("starting CheckSiteAuthen");
  $r->push_handlers(PerlAuthenHandler =>
'Apache::AuthTicket->authenticate');

  return DECLINED;
}


1;
---[end]-----

But when I try to access a location under that configuration,
I see in my error log:
[Mon Jun 25 18:33:55 2001] [crit] [client 192.168.10.15] configuration
error:  couldn't
check user.  No user file?: /u/IntranetLoginForm

(/u/IntranetLoginForm is the login CGI form that Apache::AuthTicket
uses).

All I'm trying to do at this point is set up a PerlAuthenHandler that
passes control to another one (Apache::AuthTicket->authenticate).

Of course, everything works with the configuration

<Location />
      AuthType Apache::AuthTicket
      AuthName HomeIntranet
      #PerlAuthenHandler Intranet::CheckSiteAuthen
      PerlAuthenHandler Apache::AuthTicket->authenticate
      PerlAuthzHandler Apache::AuthTicket->authorize
      require valid-user
</Location>

Any suggestions for me?

Thanks,

-- 
Steve Chadsey <ty...@teiresias.net>
Now playing: Devil's Child
(Judas Priest - "Screaming For Vengeance")

Re: push_handlers and PerlAuthenHandler troubles [second try]

Posted by Bolt Thrower <ty...@teiresias.net>.

Rodney Broom wrote:
> 
> > <Location />
> >       AuthType Apache::AuthTicket
> >       AuthName HomeIntranet
> >       PerlAuthenHandler Intranet::CheckSiteAuthen
> >       #PerlAuthenHandler Apache::AuthTicket->authenticate
> >       PerlAuthzHandler Apache::AuthTicket->authorize
> >       require valid-user
> > </Location>
> 
> 
> mod_auth supplies the "Auth*" dirrectives. Since he sees 'require
> valid-user', he's looking for the rest of the Auth* directives.
> Specifically, "AuthUserFile".

Thanks for the reply Rodney.  Anyway, I guess I just don't understand
why I'm getting the user file error with the above config, but if I
uncomment the PerlAuthenHandler Apache::AuthTicket->authenticate line,
it works as it should (gives me a login page).  All I want to do is have
authentication start at my Intranet::CheckSiteAuthen module, then hop to
the AuthTicket module if some condition is met.  If I uncomment both
	PerlAuthenHandler Intranet::CheckSiteAuthen
	PerlAuthenHandler Apache::AuthTicket->authenticate
lines, I get my login page, but authentication goes to
Apache::AuthTicket->authenticate regardless of what happens in
Intranet::CheckSiteAuthen.

Thanks,
-- 
Steve Chadsey <ty...@teiresias.net>

Re: push_handlers and PerlAuthenHandler troubles [second try]

Posted by Rodney Broom <rb...@Desert.NET>.

----- Original Message -----
From: Bolt Thrower <ty...@teiresias.net>

> <Location />
>       AuthType Apache::AuthTicket
>       AuthName HomeIntranet
>       PerlAuthenHandler Intranet::CheckSiteAuthen
>       #PerlAuthenHandler Apache::AuthTicket->authenticate
>       PerlAuthzHandler Apache::AuthTicket->authorize
>       require valid-user
> </Location>

> But when I try to access a location under that configuration,
> I see in my error log:
> [Mon Jun 25 18:33:55 2001] [crit] [client 192.168.10.15] configuration
> error:  couldn't
> check user.  No user file?: /u/IntranetLoginForm

mod_auth supplies the "Auth*" dirrectives. Since he sees 'require
valid-user', he's looking for the rest of the Auth* directives.
Specifically, "AuthUserFile".

I have a handler doing just what  you are describing, and  have the same
problem. My solution was to mandate that my mudule was the only thing
allowed to use Auth* configureation in the server config file and that
everybody else had to use .htaccess. But I still see that message
occasionally. My suggestion: if it work, then ignore the error message. :-)



> Of course, everything works with the configuration
> <Location />
>       AuthType Apache::AuthTicket
>       ...
> </Location>
> Any suggestions for me?

Yep, Auth* happens at the Directory level. From the docs:
    AuthUserFile
    Context: directory, .htaccess

So, if you have an other set of Auth* directives in the same scope, then
that can cause conflicts

---
Rodney Broom
Programmer: Desert.Net

Re: push_handlers and PerlAuthenHandler troubles [second try]

Posted by Doug MacEachern <do...@covalent.net>.

On Tue, 26 Jun 2001, Bolt Thrower wrote:

> My apologies if you've seen this twice.
> 
> For a particular Location, I'd like to selectively (i.e., based on
> arbitrary criteria) determine whether a visitor needs authentication.
> So I set up a Location section in httpd.conf as follows:

>       PerlAuthenHandler Intranet::CheckSiteAuthen
>       #PerlAuthenHandler Apache::AuthTicket->authenticate

> package Intranet::CheckSiteAuthen;
... 
> sub handler {
>   my $r = shift;
>   $r->warn("starting CheckSiteAuthen");
>   $r->push_handlers(PerlAuthenHandler =>
> 'Apache::AuthTicket->authenticate');

in the current sources, you cannot push a handler in the current
phase.  you could use a PerlAccessHandler to push the PerlAuthenHandler
instead.