You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by Keigo IMAI <sy...@agusa.i.is.nagoya-u.ac.jp> on 2006/02/10 19:53:47 UTC
[users@httpd] problem : mod_authnz_ldap with AuthType Digest
Hello,
I encountered a problem when using mod_authnz_ldap with digest password.
OS : Mac OS X Server 10.4
Apache : 2.2.0
(attached config.log)
Once I try to get the page with authentication by LDAP and Digest
password
(submitting id and pass), then it immediately returns a 500 error to
my browser.
Below is the part of my httpd.conf file.
> Alias /uploads "/opt/local/apache2/uploads"
>
> <Directory "/opt/local/apache2/uploads">
>
> Options All
> Order allow,deny
> Allow from all
>
> AuthBasicAuthoritative off
>
> AuthName upload
>
> # switch here ---- Digest or Basic
> AuthType Digest
> #AuthType Basic
> # -------------------------
>
> # switch below ---- ldap or file
> AuthBasicProvider ldap
> AuthLDAPURL ldap://osxserver/dc=somewhere,dc=jp?uid
> AuthzLDAPAuthoritative off
>
> #AuthBasicProvider file
> #AuthUserFile "/opt/local/apache2/user.passwd"
> # -------------------------------
>
> require valid-user
>
> </Directory>
And when I accessed to:
http://<www>/uploads/
then I got a 500 error.
Apache2 says:
> [Sat Feb 11 02:57:39 2006] [error] Internal error: pcfg_openfile()
> called with NULL filename
> [Sat Feb 11 02:57:39 2006] [error] [client xxx.yyy.zzz.www] (9)Bad
> file descriptor: Could not open password file: (null)
(when loglevel is 'debug')
...However, it works fine when I switch to:
1. "AuthType Basic"
or,
2. "AuthBasicProvider file"
respectively, like the comment of above fragment of conf file.
So I am sure that all modules including mod_authnz_ldap and
mod_auth_digest are loaded properly.
And more, I guess that the combination of mod_authnz_ldap with Digest
password causes this.
Is there anyone who encountered this problem?
...or, is this an OSX specific bug?
Any help will be appreciated.
(And, sorry for my unskilled English.)
regards,
Keigo IMAI
Re: [users@httpd] problem : mod_authnz_ldap with AuthType Digest
Posted by Joshua Slive <jo...@slive.ca>.
On 2/10/06, Keigo IMAI <sy...@agusa.i.is.nagoya-u.ac.jp> wrote:
> (Then, why is it possible to use AuthType Digest with
> AuthBasicProvider??? It works fine on our setting.)
AuthDigestProvider has a default value.
Joshua.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] problem : mod_authnz_ldap with AuthType Digest
Posted by Keigo IMAI <sy...@agusa.i.is.nagoya-u.ac.jp>.
David Bell wrote:
> Perhaps you need a AuthDigestProvider line instead of
> AuthBasicProvider?
Thanks. Now I realized the problem...
As you have pointed out,
Basic AuthType must be used with AuthBasicProvider, and Digest with
AuthDigestProvider.
(Then, why is it possible to use AuthType Digest with
AuthBasicProvider??? It works fine on our setting.)
However, I found that AuthDigestProvider does not support LDAP now.
So mod_authnz_ldap can only be used with AuthType Basic.
When I wrote "AuthDigestProvider ldap", I got following and apache
wouldn't start:
> Syntax error on line 23 of /opt/local/apache2/conf/extra/httpd-
> dav.conf:
> The 'ldap' Authn provider doesn't support Digest Authentication
Thanks a lot again.
Best regards.
On 2006/02/11, at 4:14(+0900), David Bell wrote:
> I got that error when I didn't have AuthBasicProvider LDAP and
> using Basic AuthType. Perhaps you need a AuthDigestProvider line
> instead of AuthBasicProvider?
>
> Cheers,
> Dave
>
> Keigo IMAI wrote:
>
>> Hello,
>>
>> I encountered a problem when using mod_authnz_ldap with digest
>> password.
>>
>> OS : Mac OS X Server 10.4
>> Apache : 2.2.0
>> (attached config.log)
>>
>> Once I try to get the page with authentication by LDAP and Digest
>> password
>> (submitting id and pass), then it immediately returns a 500 error
>> to my browser.
>>
>> Below is the part of my httpd.conf file.
>>
>>> Alias /uploads "/opt/local/apache2/uploads"
>>>
>>> <Directory "/opt/local/apache2/uploads">
>>>
>>> Options All
>>> Order allow,deny
>>> Allow from all
>>>
>>> AuthBasicAuthoritative off
>>>
>>> AuthName upload
>>>
>>> # switch here ---- Digest or Basic
>>> AuthType Digest
>>> #AuthType Basic
>>> # -------------------------
>>>
>>> # switch below ---- ldap or file
>>> AuthBasicProvider ldap
>>> AuthLDAPURL ldap://osxserver/dc=somewhere,dc=jp?uid
>>> AuthzLDAPAuthoritative off
>>>
>>> #AuthBasicProvider file
>>> #AuthUserFile "/opt/local/apache2/user.passwd"
>>> # -------------------------------
>>>
>>> require valid-user
>>>
>>> </Directory>
>>
>>
>> And when I accessed to:
>> http://<www>/uploads/
>> then I got a 500 error.
>>
>> Apache2 says:
>>
>>> [Sat Feb 11 02:57:39 2006] [error] Internal error: pcfg_openfile
>>> () called with NULL filename
>>> [Sat Feb 11 02:57:39 2006] [error] [client xxx.yyy.zzz.www] (9)
>>> Bad file descriptor: Could not open password file: (null)
>>
>> (when loglevel is 'debug')
>>
>> ...However, it works fine when I switch to:
>> 1. "AuthType Basic"
>> or,
>> 2. "AuthBasicProvider file"
>> respectively, like the comment of above fragment of conf file.
>> So I am sure that all modules including mod_authnz_ldap and
>> mod_auth_digest are loaded properly.
>>
>> And more, I guess that the combination of mod_authnz_ldap with
>> Digest password causes this.
>> Is there anyone who encountered this problem?
>> ...or, is this an OSX specific bug?
>>
>> Any help will be appreciated.
>> (And, sorry for my unskilled English.)
>>
>> regards,
>> Keigo IMAI
>>
>> ---------------------------------------------------------------------
>> ---
>>
>> ---------------------------------------------------------------------
>> The official User-To-User support forum of the Apache HTTP Server
>> Project.
>> See <URL:http://httpd.apache.org/userslist.html> for more info.
>> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>> " from the digest: users-digest-unsubscribe@httpd.apache.org
>> For additional commands, e-mail: users-help@httpd.apache.org
>>
>
>
> --
> ______
> /_____/\
> /____ \\ \ David Richard Bell
> /_____\ \\ / Web Project Manager
> /_____/ \/ / / Web Experience and Design
> /_____/ / \//\ 500 Eldorado Blvd. UBRM05-A350
> \_____\//\ / / Broomfield, CO. 80021
> \_____/ / /\ / Phone 1-303-547-3375 / x51534
> \_____/ \\ \ Email: D.Bell@Sun.com
> \_____\ \\
> \_____\/
>
>
>
>
>
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server
> Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> " from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] problem : mod_authnz_ldap with AuthType Digest
Posted by David Bell <D....@Sun.COM>.
I got that error when I didn't have AuthBasicProvider LDAP and using
Basic AuthType. Perhaps you need a AuthDigestProvider line instead of
AuthBasicProvider?
Cheers,
Dave
Keigo IMAI wrote:
> Hello,
>
> I encountered a problem when using mod_authnz_ldap with digest password.
>
> OS : Mac OS X Server 10.4
> Apache : 2.2.0
> (attached config.log)
>
> Once I try to get the page with authentication by LDAP and Digest
> password
> (submitting id and pass), then it immediately returns a 500 error to
> my browser.
>
> Below is the part of my httpd.conf file.
>
>> Alias /uploads "/opt/local/apache2/uploads"
>>
>> <Directory "/opt/local/apache2/uploads">
>>
>> Options All
>> Order allow,deny
>> Allow from all
>>
>> AuthBasicAuthoritative off
>>
>> AuthName upload
>>
>> # switch here ---- Digest or Basic
>> AuthType Digest
>> #AuthType Basic
>> # -------------------------
>>
>> # switch below ---- ldap or file
>> AuthBasicProvider ldap
>> AuthLDAPURL ldap://osxserver/dc=somewhere,dc=jp?uid
>> AuthzLDAPAuthoritative off
>>
>> #AuthBasicProvider file
>> #AuthUserFile "/opt/local/apache2/user.passwd"
>> # -------------------------------
>>
>> require valid-user
>>
>> </Directory>
>
>
> And when I accessed to:
> http://<www>/uploads/
> then I got a 500 error.
>
> Apache2 says:
>
>> [Sat Feb 11 02:57:39 2006] [error] Internal error: pcfg_openfile()
>> called with NULL filename
>> [Sat Feb 11 02:57:39 2006] [error] [client xxx.yyy.zzz.www] (9)Bad
>> file descriptor: Could not open password file: (null)
>
> (when loglevel is 'debug')
>
> ...However, it works fine when I switch to:
> 1. "AuthType Basic"
> or,
> 2. "AuthBasicProvider file"
> respectively, like the comment of above fragment of conf file.
> So I am sure that all modules including mod_authnz_ldap and
> mod_auth_digest are loaded properly.
>
> And more, I guess that the combination of mod_authnz_ldap with Digest
> password causes this.
> Is there anyone who encountered this problem?
> ...or, is this an OSX specific bug?
>
> Any help will be appreciated.
> (And, sorry for my unskilled English.)
>
> regards,
> Keigo IMAI
>
>------------------------------------------------------------------------
>
>---------------------------------------------------------------------
>The official User-To-User support forum of the Apache HTTP Server Project.
>See <URL:http://httpd.apache.org/userslist.html> for more info.
>To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> " from the digest: users-digest-unsubscribe@httpd.apache.org
>For additional commands, e-mail: users-help@httpd.apache.org
>
--
______
/_____/\
/____ \\ \ David Richard Bell
/_____\ \\ / Web Project Manager
/_____/ \/ / / Web Experience and Design
/_____/ / \//\ 500 Eldorado Blvd. UBRM05-A350
\_____\//\ / / Broomfield, CO. 80021
\_____/ / /\ / Phone 1-303-547-3375 / x51534
\_____/ \\ \ Email: D.Bell@Sun.com
\_____\ \\
\_____\/
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org