You are viewing a plain text version of this content. The canonical link for it is here.
Posted to modperl@perl.apache.org by Brian Clarkson <br...@austinunleashed.com> on 2004/03/23 19:24:13 UTC
Apache::AuthCookieDBI and SecretKeyFile
The WhateverDBI_SecretKeyFile seems to be everyone's problem with this
module. I've searched around, read most people's fixes, but none of
them work for me. Here's my error_log snippet:
[Tue Mar 23 12:04:58 2004] [error] access to /LOGIN failed, reason:
Apache::AuthCookieDBI: didn't have the secret key for auth realm JBG
[Tue Mar 23 12:04:58 2004] [error] access to /logintest failed, reason:
Apache::AuthCookieDBI: didn't the secret key from for auth realm JBG
The host in question is a VirtualHost. My first configuration attempt,
which matches one of the more common solutions ( putting the PerlSetVar
directive before the module load ) doesn't do the trick:
<VirtualHost xx.xx.xx.xx>
ServerName host.domain.com
[DocRoot and Logging Directives]
## these directives are for Apache::AuthCookieDBI
## and MUST COME FIRST
PerlSetVar JBGDBI_SecretKeyFile /home/httpd/secure.jbgoodwin.com/keyfile
PerlModule Apache::AuthCookieDBI
PerlSetVar JBGPath /
PerlSetVar JBGLoginScript /login.pl
[ other PerlSetVar directives ]
## the two location directives:
## These documents require user to be logged in.
<Location /logintest>
AuthType Apache::AuthCookieDBI
AuthName JBG
PerlAuthenHandler Apache::AuthCookieDBI->authenticate
PerlAuthzHandler Apache::AuthCookieDBI->authorize
require valid-user
</Location>
#
##this is the action of the login.pl script above.
<Location /LOGIN>
AuthType Apache::AuthCookieDBI
AuthName JBG
SetHandler perl-script
PerlHandler Apache::AuthCookieDBI->login
</Location>
</VirtualHost>
The handler gets called. I've double-checked everything, and now the
SecretKeyFile is being wonky. I've read through the code, read through
the docs, googled for an answer, even tried setting the SecretKey
directive in the main server config (not in the VH config).
Permissions look OK:
[hostname ....] $ ls -al keyfile
-rw------- 1 nobody nobody 52 Mar 1 11:22 keyfile
I have to be missing something obvious?
The earlier problem I was having, if anyone was interested, got solved.
The problem was mod_auth looking first, the Apache::AuthCookie trying
to kick in ...
--brian
--
Report problems: http://perl.apache.org/bugs/
Mail list info: http://perl.apache.org/maillist/modperl.html
List etiquette: http://perl.apache.org/maillist/email-etiquette.html
Re: Apache::AuthCookieDBI and SecretKeyFile
Posted by Brian Clarkson <br...@austinunleashed.com>.
Actually, with a little bit of help and a little config tweaking I got
this working.
1. created separate include files for the Perl directives and the
Location/ Directory directives. one is in the main server config ( Perl
directives) and the other is part of the VH config.
2. realized that part of the problem with the testing setup was that
/LOGIN was also considered protected because of the PerSetDirectory
being set to / ... changing that to /logintest fixed it, and I can now
log into the sample part of the site.
I'll need to make a few changes from another thread to finish the
install of this, namely aliasing the /LOGIN Location to something
'outside' of the docroot ( per a thread on Apache::AuthCookie ).
thanks for the help
--b--
Nick Phillips wrote:
> On 24/03/2004, at 6:24 AM, Brian Clarkson wrote:
>
>> The WhateverDBI_SecretKeyFile seems to be everyone's problem with this
>> module. I've searched around, read most people's fixes, but none of
>> them work for me. Here's my error_log snippet:
>>
>> [Tue Mar 23 12:04:58 2004] [error] access to /LOGIN failed, reason:
>> Apache::AuthCookieDBI: didn't have the secret key for auth realm JBG
>> [Tue Mar 23 12:04:58 2004] [error] access to /logintest failed,
>> reason: Apache::AuthCookieDBI: didn't the secret key from for auth
>> realm JBG
>>
>> The host in question is a VirtualHost. My first configuration
>> attempt, which matches one of the more common solutions ( putting the
>> PerlSetVar directive before the module load ) doesn't do the trick:
>
>
> You *must* put *all* the PerlSetVar configuration for AuthCookie* in the
> *main* apache
> configuration, not in a virtual host section or similar.
>
> This is because it is read in a BEGIN block, and there is no current
> request and hence no
> appropriate virtual host at that stage.
>
> It's in the docs, IIRC.
>
>
>
> Cheers,
>
>
> Nick
>
--
Report problems: http://perl.apache.org/bugs/
Mail list info: http://perl.apache.org/maillist/modperl.html
List etiquette: http://perl.apache.org/maillist/email-etiquette.html
Re: Apache::AuthCookieDBI and SecretKeyFile
Posted by Brian Clarkson <br...@austinunleashed.com>.
Nick Phillips wrote:
> On 24/03/2004, at 6:24 AM, Brian Clarkson wrote:
>
>> The host in question is a VirtualHost. My first configuration
>> attempt, which matches one of the more common solutions ( putting the
>> PerlSetVar directive before the module load ) doesn't do the trick:
>
>
> You *must* put *all* the PerlSetVar configuration for AuthCookie* in the
> *main* apache
> configuration, not in a virtual host section or similar.
>
> This is because it is read in a BEGIN block, and there is no current
> request and hence no
> appropriate virtual host at that stage.
>
> It's in the docs, IIRC.
nope, at least not in the perldoc for the version i'm using. ( 1.19 ).
so there's no way to use this module with VirtualHosts? guess i'm outta
luck ... because this is a hosting environment with ~50 or do VHs and no
'main' server.
--
Report problems: http://perl.apache.org/bugs/
Mail list info: http://perl.apache.org/maillist/modperl.html
List etiquette: http://perl.apache.org/maillist/email-etiquette.html
Re: Apache::AuthCookieDBI and SecretKeyFile
Posted by Nick Phillips <Ni...@stonebow.otago.ac.nz>.
On 24/03/2004, at 6:24 AM, Brian Clarkson wrote:
> The WhateverDBI_SecretKeyFile seems to be everyone's problem with this
> module. I've searched around, read most people's fixes, but none of
> them work for me. Here's my error_log snippet:
>
> [Tue Mar 23 12:04:58 2004] [error] access to /LOGIN failed, reason:
> Apache::AuthCookieDBI: didn't have the secret key for auth realm JBG
> [Tue Mar 23 12:04:58 2004] [error] access to /logintest failed,
> reason: Apache::AuthCookieDBI: didn't the secret key from for auth
> realm JBG
>
> The host in question is a VirtualHost. My first configuration
> attempt, which matches one of the more common solutions ( putting the
> PerlSetVar directive before the module load ) doesn't do the trick:
You *must* put *all* the PerlSetVar configuration for AuthCookie* in
the *main* apache
configuration, not in a virtual host section or similar.
This is because it is read in a BEGIN block, and there is no current
request and hence no
appropriate virtual host at that stage.
It's in the docs, IIRC.
Cheers,
Nick
--
Nick Phillips / +64 3 479 4195 / nick.phillips@stonebow.otago.ac.nz
# these statements are my own, not those of the University of Otago
--
Report problems: http://perl.apache.org/bugs/
Mail list info: http://perl.apache.org/maillist/modperl.html
List etiquette: http://perl.apache.org/maillist/email-etiquette.html
Re: Apache::AuthCookieDBI and SecretKeyFile
Posted by Stas Bekman <st...@stason.org>.
William McKee wrote:
> On Tue, Mar 23, 2004 at 02:14:44PM -0600, Brian Clarkson wrote:
>
>> I might need to take a look at that patch. The error that shows up is
>> from sub authen_ses_key ....
>
>
> My patch is attached. I'm not sure it will help much if you're having
> problems reading in the key but let me know how it goes.
William, please always send unified diffs as patches. Non-unified patches are
often incomprehensible, since they provide no context for the change. On most
platforms that is accomplished with the -u flag:
diff -u foo bar
or against cvs:
cvs diff -u foo
and you can put that flag into ~/.cvsrc:
diff -u
so now you can just run:
cvs diff foo
__________________________________________________________________
Stas Bekman JAm_pH ------> Just Another mod_perl Hacker
http://stason.org/ mod_perl Guide ---> http://perl.apache.org
mailto:stas@stason.org http://use.perl.org http://apacheweek.com
http://modperlbook.org http://apache.org http://ticketmaster.com
--
Report problems: http://perl.apache.org/bugs/
Mail list info: http://perl.apache.org/maillist/modperl.html
List etiquette: http://perl.apache.org/maillist/email-etiquette.html
Re: Apache::AuthCookieDBI and SecretKeyFile
Posted by William McKee <wi...@knowmad.com>.
On Tue, Mar 23, 2004 at 02:14:44PM -0600, Brian Clarkson wrote:
> I might need to take a look at that patch. The error that shows up is
> from sub authen_ses_key ....
My patch is attached. I'm not sure it will help much if you're having
problems reading in the key but let me know how it goes.
William
--
Knowmad Services Inc.
http://www.knowmad.com
Re: Apache::AuthCookieDBI and SecretKeyFile
Posted by Brian Clarkson <br...@austinunleashed.com>.
William McKee wrote:
> Hi Brian,
>
> I've had my share of problems with this module as well. I've found the
> following two solutions which I submitted to CPAN RT[1]:
>
> 1) place the PerlSetVar at the very top of your httpd.conf
In the Global ENV section? Doesn't fix the issue.
>
> 2) instead of using PerlModule, use the following:
>
> <perl>
> use Apache::AuthCookieDBI;
> </perl>
Tried that too, and I'm still getting the same errors.
I've even tossed this line into the BEGIN block ....
Apache::log_error( "DEBUG: >$auth_name< in file >$keyfile<" );
and i get no output, either on server restart or on script invocation.
(i'd expect it at server startup ).
> BTW, I've submitted several other reports to CPAN which the author has
> so far ignored. The most troubling one is "Incorrect processing of
> authen_cred()"[2]. I've submitted a patch which you may want to apply.
> Let me know if you'd like a copy.
I might need to take a look at that patch. The error that shows up is
from sub authen_ses_key ....
i can tell because it's a horribly constructed sentence. :-P ( didn't
the secret key .... )
--b--
>
>
> Good luck,
> William
>
> [1] http://rt.cpan.org/NoAuth/Bug.html?id=4847
> [2] http://rt.cpan.org/NoAuth/Bug.html?id=3673
>
--
Report problems: http://perl.apache.org/bugs/
Mail list info: http://perl.apache.org/maillist/modperl.html
List etiquette: http://perl.apache.org/maillist/email-etiquette.html
Re: Apache::AuthCookieDBI and SecretKeyFile
Posted by William McKee <wi...@knowmad.com>.
Hi Brian,
I've had my share of problems with this module as well. I've found the
following two solutions which I submitted to CPAN RT[1]:
1) place the PerlSetVar at the very top of your httpd.conf
2) instead of using PerlModule, use the following:
<perl>
use Apache::AuthCookieDBI;
</perl>
BTW, I've submitted several other reports to CPAN which the author has
so far ignored. The most troubling one is "Incorrect processing of
authen_cred()"[2]. I've submitted a patch which you may want to apply.
Let me know if you'd like a copy.
Good luck,
William
[1] http://rt.cpan.org/NoAuth/Bug.html?id=4847
[2] http://rt.cpan.org/NoAuth/Bug.html?id=3673
--
Knowmad Services Inc.
http://www.knowmad.com
--
Report problems: http://perl.apache.org/bugs/
Mail list info: http://perl.apache.org/maillist/modperl.html
List etiquette: http://perl.apache.org/maillist/email-etiquette.html
Re: Apache::AuthCookieDBI and SecretKeyFile
Posted by William McKee <wi...@knowmad.com>.
On Tue, Mar 23, 2004 at 12:24:13PM -0600, Brian Clarkson wrote:
> Permissions look OK:
>
> [hostname ....] $ ls -al keyfile
> -rw------- 1 nobody nobody 52 Mar 1 11:22 keyfile
Out of curiosity, have you tried setting the permissions on that keyfile
to 666 to be sure that another process isn't trying to read that file
and failing due to permissions?
William
--
Knowmad Services Inc.
http://www.knowmad.com
--
Report problems: http://perl.apache.org/bugs/
Mail list info: http://perl.apache.org/maillist/modperl.html
List etiquette: http://perl.apache.org/maillist/email-etiquette.html