You are viewing a plain text version of this content. The canonical link for it is here.
Posted to modperl@perl.apache.org by Bolt Thrower <ty...@teiresias.net> on 2001/06/26 17:13:20 UTC
push_handlers and PerlAuthenHandler troubles [second try]
My apologies if you've seen this twice.
For a particular Location, I'd like to selectively (i.e., based on
arbitrary criteria) determine whether a visitor needs authentication.
So I set up a Location section in httpd.conf as follows:
<Location />
AuthType Apache::AuthTicket
AuthName HomeIntranet
PerlAuthenHandler Intranet::CheckSiteAuthen
#PerlAuthenHandler Apache::AuthTicket->authenticate
PerlAuthzHandler Apache::AuthTicket->authorize
require valid-user
</Location>
Intranet::CheckSiteAuthen looks like:
---[start]-----
package Intranet::CheckSiteAuthen;
use strict;
use DBI;
use Apache::Constants qw(:common);
use Intranet::common;
sub handler {
my $r = shift;
$r->warn("starting CheckSiteAuthen");
$r->push_handlers(PerlAuthenHandler =>
'Apache::AuthTicket->authenticate');
return DECLINED;
}
1;
---[end]-----
But when I try to access a location under that configuration,
I see in my error log:
[Mon Jun 25 18:33:55 2001] [crit] [client 192.168.10.15] configuration
error: couldn't
check user. No user file?: /u/IntranetLoginForm
(/u/IntranetLoginForm is the login CGI form that Apache::AuthTicket
uses).
All I'm trying to do at this point is set up a PerlAuthenHandler that
passes control to another one (Apache::AuthTicket->authenticate).
Of course, everything works with the configuration
<Location />
AuthType Apache::AuthTicket
AuthName HomeIntranet
#PerlAuthenHandler Intranet::CheckSiteAuthen
PerlAuthenHandler Apache::AuthTicket->authenticate
PerlAuthzHandler Apache::AuthTicket->authorize
require valid-user
</Location>
Any suggestions for me?
Thanks,
--
Steve Chadsey <ty...@teiresias.net>
Now playing: Devil's Child
(Judas Priest - "Screaming For Vengeance")
Re: push_handlers and PerlAuthenHandler troubles [second try]
Posted by Bolt Thrower <ty...@teiresias.net>.
Rodney Broom wrote:
>
> > <Location />
> > AuthType Apache::AuthTicket
> > AuthName HomeIntranet
> > PerlAuthenHandler Intranet::CheckSiteAuthen
> > #PerlAuthenHandler Apache::AuthTicket->authenticate
> > PerlAuthzHandler Apache::AuthTicket->authorize
> > require valid-user
> > </Location>
>
>
> mod_auth supplies the "Auth*" dirrectives. Since he sees 'require
> valid-user', he's looking for the rest of the Auth* directives.
> Specifically, "AuthUserFile".
Thanks for the reply Rodney. Anyway, I guess I just don't understand
why I'm getting the user file error with the above config, but if I
uncomment the PerlAuthenHandler Apache::AuthTicket->authenticate line,
it works as it should (gives me a login page). All I want to do is have
authentication start at my Intranet::CheckSiteAuthen module, then hop to
the AuthTicket module if some condition is met. If I uncomment both
PerlAuthenHandler Intranet::CheckSiteAuthen
PerlAuthenHandler Apache::AuthTicket->authenticate
lines, I get my login page, but authentication goes to
Apache::AuthTicket->authenticate regardless of what happens in
Intranet::CheckSiteAuthen.
Thanks,
--
Steve Chadsey <ty...@teiresias.net>
Re: push_handlers and PerlAuthenHandler troubles [second try]
Posted by Rodney Broom <rb...@Desert.NET>.
----- Original Message -----
From: Bolt Thrower <ty...@teiresias.net>
> <Location />
> AuthType Apache::AuthTicket
> AuthName HomeIntranet
> PerlAuthenHandler Intranet::CheckSiteAuthen
> #PerlAuthenHandler Apache::AuthTicket->authenticate
> PerlAuthzHandler Apache::AuthTicket->authorize
> require valid-user
> </Location>
> But when I try to access a location under that configuration,
> I see in my error log:
> [Mon Jun 25 18:33:55 2001] [crit] [client 192.168.10.15] configuration
> error: couldn't
> check user. No user file?: /u/IntranetLoginForm
mod_auth supplies the "Auth*" dirrectives. Since he sees 'require
valid-user', he's looking for the rest of the Auth* directives.
Specifically, "AuthUserFile".
I have a handler doing just what you are describing, and have the same
problem. My solution was to mandate that my mudule was the only thing
allowed to use Auth* configureation in the server config file and that
everybody else had to use .htaccess. But I still see that message
occasionally. My suggestion: if it work, then ignore the error message. :-)
> Of course, everything works with the configuration
> <Location />
> AuthType Apache::AuthTicket
> ...
> </Location>
> Any suggestions for me?
Yep, Auth* happens at the Directory level. From the docs:
AuthUserFile
Context: directory, .htaccess
So, if you have an other set of Auth* directives in the same scope, then
that can cause conflicts
---
Rodney Broom
Programmer: Desert.Net
Re: push_handlers and PerlAuthenHandler troubles [second try]
Posted by Doug MacEachern <do...@covalent.net>.
On Tue, 26 Jun 2001, Bolt Thrower wrote:
> My apologies if you've seen this twice.
>
> For a particular Location, I'd like to selectively (i.e., based on
> arbitrary criteria) determine whether a visitor needs authentication.
> So I set up a Location section in httpd.conf as follows:
> PerlAuthenHandler Intranet::CheckSiteAuthen
> #PerlAuthenHandler Apache::AuthTicket->authenticate
> package Intranet::CheckSiteAuthen;
...
> sub handler {
> my $r = shift;
> $r->warn("starting CheckSiteAuthen");
> $r->push_handlers(PerlAuthenHandler =>
> 'Apache::AuthTicket->authenticate');
in the current sources, you cannot push a handler in the current
phase. you could use a PerlAccessHandler to push the PerlAuthenHandler
instead.