You are viewing a plain text version of this content. The canonical link for it is here.
Posted to modperl@perl.apache.org by Iván Chavero <ic...@uach.mx> on 2006/11/14 20:34:35 UTC
PerlAuthenHandler mod_perl 2.0.2, apache 2.2.2 & 2.2.3 problem
Hello,
I have a very weird problem on solaris 10 (and linux on amd64) with
mod_perl 2.0.2 and apache 2.2.3 authentication phase.
I have a handler for authentication and session management called Omni,
currently have it working on some production systems (using mod_perl
2.0.2 and apache 2.2.2) without any problem, but then on a routine
install on a new server with apache 2.2.3 and mod_perl 2.0.2 it just
does not work.
It seems that for some reason apache is ignoring the authentication
phase, i have set the LogLevel to debug and compiled mod_perl with
MP_TRACE=1 and i can see that the module is being loaded, then, i check
the location on my browser. As expected it shows me the login page but
when i check the virtual host error_log and the apache global error_log
files (which i use to show debugging messages for the module) i get
nothing as if the handler was never executed.
I don't know if i'm doing something wrong because even with LogLevel to
debug i don't get error messages on the apache log files; it seems as if
PerlAuthenHandler is being ignored.
This is how i am loading the handler:
... Alias /Dau /www/virtual_1/Dau <Location /Dau> AuthName Omni AuthType
Basic PerlAuthenHandler Omni::Handler::Web #my module ErrorDocument 403
/dau.html #my login page require valid-user </Location> ...
<http://perlmonks.org/?abspart=1;displaytype=displaycode;node_id=583763;part=1>
The releveant debugging output when apache is started:
... modperl_config_dir_new: new dcfg: 0x20ad08
modperl_config_dir_create: dir /Dau modperl_cmd_authen_handlers: push
@PerlAuthenHandler, Omni::Handler::W +eb modperl_handler_new: [10035]
new handler Omni::Handler::Web modperl_cmd_push_handlers: created
handler stack modperl_cmd_push_handlers: pushed handler:
Omni::Handler::Web ... modperl_init_vhost: Init vhost virtual_1:9443:
s=0x1604a8, base_s=0xd1 +400 MpSrv flags dump (virtual_1): Access On
Authen On Authz On Autoload Off ChildExit On ChildInit On Cleanup On
Clone Off Enable On Fixup On HeaderParser On InputFilter On Log On
MapToStorage On MergeHandlers Off OpenLogs On OutputFilter On Parent Off
PostConfig On PostReadRequest On PreConnection On ProcessConnection On
Response On Trans On Type On Unset On ... modperl_mgv_resolve:
Omni::Handler::Web's stash is not found
<http://perlmonks.org/?abspart=1;displaytype=displaycode;node_id=583763;part=2>
I have installed apache 2.2.3 & 2.2.2 with mod_perl 2.0.2 on a linux
amd64 box and i still get the same beaviour.
I even changed the PerlAuthenHandler value to a non existent module
(which i think it should give a startup error) and it gets ignored.
my apache compile flags are this:
--prefix=/usr/local/apache-2.2.2 --with-ssl=/usr --enable-so
--enable-cgi --enable-vhost-alias --enable-http --enable-ssl
--enable-logio -
-enable-log-forensic --enable-cache --enable-disk-cache --enable-file-cache
my mod_perl copile flags are this:
perl Makefile.PL MP_APXS=/usr/local/apache-2.2.2/bin/apxs
I'm really lost here and REALLY appreciate your help.
Thanks
--
Iván Chavero
Administrador de Sistemas UNIX
CGTI/DSE
Universidad Autónoma de Chihuahua
ichavero@uach.mx
http://cgti.uach.mx
Tel. 614 439 18 35 ext 1728
Re: PerlAuthenHandler mod_perl 2.0.2, apache 2.2.2 & 2.2.3 problem
Posted by Iván Chavero <ic...@uach.mx>.
Philip M. Gollucci wrote:
> Michael Peters wrote:
>>
>> Iván Chavero wrote:
>>
>>> my mod_perl copile flags are this:
>>>
>>> perl Makefile.PL MP_APXS=/usr/local/apache-2.2.2/bin/apxs
>>
>> you need EVERYTHING=1 there, or specifically turn on PERL_AUTHEN,
>> PERL_AUTHZ,
>> PERL_ACCESS individually.
> No. Like um its mod_perl 2 :)
>
> <Location /foo>
> AuthType Basic
> AuthName "BAR"
> Require valid-user
>
> PerlAccessHandler AAA::Access
> PerlAuthenHandler AAA::Authen
> PerlAuthzHandler AAA::Authz
> </Location>
>
> http://perl.apache.org/docs/2.0/user/handlers/http.html#PerlAuthenHandler
>
> Note that part syaing you need at least 1 require directive.
>
I've read the PerlAuthenHandler manual part and i still don't get what
am i doing wrong i even copied the example to my virtual host
configuration so in order to generate an error (because i don't have the
MyApache2::SecretLengthAuth module ) and i does not give me any error,
it just ignores the directive.
--
Iván Chavero
Administrador de Sistemas UNIX
CGTI/DSE
Universidad Autónoma de Chihuahua
ichavero@uach.mx
http://cgti.uach.mx
Tel. 614 439 18 35 ext 1728
Re: PerlAuthenHandler mod_perl 2.0.2, apache 2.2.2 & 2.2.3 problem
Posted by Michael Peters <mp...@plusthree.com>.
Philip M. Gollucci wrote:
> Michael Peters wrote:
>>
>> Iván Chavero wrote:
>>
>>> my mod_perl copile flags are this:
>>>
>>> perl Makefile.PL MP_APXS=/usr/local/apache-2.2.2/bin/apxs
>>
>> you need EVERYTHING=1 there, or specifically turn on PERL_AUTHEN,
>> PERL_AUTHZ,
>> PERL_ACCESS individually.
> No. Like um its mod_perl 2 :)
Whoops, silly me.
--
Michael Peters
Developer
Plus Three, LP
Re: PerlAuthenHandler mod_perl 2.0.2, apache 2.2.2 & 2.2.3 problem
Posted by "Philip M. Gollucci" <pg...@p6m7g8.com>.
Michael Peters wrote:
>
> Iván Chavero wrote:
>
>> my mod_perl copile flags are this:
>>
>> perl Makefile.PL MP_APXS=/usr/local/apache-2.2.2/bin/apxs
>
> you need EVERYTHING=1 there, or specifically turn on PERL_AUTHEN, PERL_AUTHZ,
> PERL_ACCESS individually.
No. Like um its mod_perl 2 :)
<Location /foo>
AuthType Basic
AuthName "BAR"
Require valid-user
PerlAccessHandler AAA::Access
PerlAuthenHandler AAA::Authen
PerlAuthzHandler AAA::Authz
</Location>
http://perl.apache.org/docs/2.0/user/handlers/http.html#PerlAuthenHandler
Note that part syaing you need at least 1 require directive.
--
------------------------------------------------------------------------
Philip M. Gollucci (pgollucci@p6m7g8.com) 323.219.4708
Consultant / http://p6m7g8.net/Resume/resume.shtml
Senior Software Engineer - TicketMaster - http://ticketmaster.com
1024D/A79997FA F357 0FDD 2301 6296 690F 6A47 D55A 7172 A799 97F
When I call your name, Girl, it starts to flame
Burning in my heart, Tearing it all apart..
No matter how I try My love I cannot hide....
Re: PerlAuthenHandler mod_perl 2.0.2, apache 2.2.2 & 2.2.3 problem
Posted by Michael Peters <mp...@plusthree.com>.
Iván Chavero wrote:
> my mod_perl copile flags are this:
>
> perl Makefile.PL MP_APXS=/usr/local/apache-2.2.2/bin/apxs
you need EVERYTHING=1 there, or specifically turn on PERL_AUTHEN, PERL_AUTHZ,
PERL_ACCESS individually.
--
Michael Peters
Developer
Plus Three, LP
Re: PerlAuthenHandler mod_perl 2.0.2, apache 2.2.2 & 2.2.3 problem
Posted by Iván Chavero <ic...@uach.mx>.
Perrin Harkins wrote:
> That sounds like you aren't even hitting this server. Try shutting it
> down and see if you still get a response. You have no other
> VirtualHosts in there? Sometimes your request will fail to match the
> VirtualHost you expected it to hit and fall through to the default
> server (i.e. the first thing configured) instead.
>
> - Perrin
>
>
Finally i got the error, i missed to comment the Directory, Location and
FilesMatch directives on httpd.conf.
this entry (it's a default in httpd.conf):
<Directory />
Options FollowSymLinks
AllowOverride None
Order deny,allow
Deny from all
</Directory>
turned out to be the one that was making the server ignore the directives.
Thank you very much for your help!!! (i was going mad here!!)
--
Iván Chavero
Administrador de Sistemas UNIX
CGTI/DSE
Universidad Autónoma de Chihuahua
ichavero@uach.mx
http://cgti.uach.mx
Tel. 614 439 18 35 ext 1728
Re: PerlAuthenHandler mod_perl 2.0.2, apache 2.2.2 & 2.2.3 problem
Posted by Perrin Harkins <pe...@elem.com>.
On Tue, 2006-11-14 at 14:40 -0700, Iván Chavero wrote:
> I've comented everything and left only this Location
>
> Alias /prueba /www/imcsk8.example.com/auth
> <Location /prueba>
> SetHandler perl-script
> PerlResponseHandler NONEXISTENTMODULE
> PerlAuthenHandler NONEXISTENTMODULE
> Options +ExecCGI
> AuthType Basic
> AuthName "The Gate"
> Require valid-user
> </Location>
>
> I get no errors on my log files, just the forbidden message on the browser
That sounds like you aren't even hitting this server. Try shutting it
down and see if you still get a response. You have no other
VirtualHosts in there? Sometimes your request will fail to match the
VirtualHost you expected it to hit and fall through to the default
server (i.e. the first thing configured) instead.
- Perrin
Re: PerlAuthenHandler mod_perl 2.0.2, apache 2.2.2 & 2.2.3 problem
Posted by Iván Chavero <ic...@uach.mx>.
Perrin Harkins wrote:
> On Tue, 2006-11-14 at 14:16 -0700, Iván Chavero wrote:
>
>> I'm doing tests on a fresh install with one virtual host, here's my
>> virtualhost config file:
>>
>
> Try commenting out all of the other Directory, FilesMatch, and Location
> blocks. Also, try changing PerlResponseHandler for that block to
> something that doesn't exist and verify that it's at least running that
> part.
>
> - Perrin
>
>
I've comented everything and left only this Location
Alias /prueba /www/imcsk8.example.com/auth
<Location /prueba>
SetHandler perl-script
PerlResponseHandler NONEXISTENTMODULE
PerlAuthenHandler NONEXISTENTMODULE
Options +ExecCGI
AuthType Basic
AuthName "The Gate"
Require valid-user
</Location>
I get no errors on my log files, just the forbidden message on the browser
--
Iván Chavero
Administrador de Sistemas UNIX
CGTI/DSE
Universidad Autónoma de Chihuahua
ichavero@uach.mx
http://cgti.uach.mx
Tel. 614 439 18 35 ext 1728
Re: PerlAuthenHandler mod_perl 2.0.2, apache 2.2.2 & 2.2.3 problem
Posted by Perrin Harkins <pe...@elem.com>.
On Tue, 2006-11-14 at 14:16 -0700, Iván Chavero wrote:
> I'm doing tests on a fresh install with one virtual host, here's my
> virtualhost config file:
Try commenting out all of the other Directory, FilesMatch, and Location
blocks. Also, try changing PerlResponseHandler for that block to
something that doesn't exist and verify that it's at least running that
part.
- Perrin
Re: PerlAuthenHandler mod_perl 2.0.2, apache 2.2.2 & 2.2.3 problem
Posted by Iván Chavero <ic...@uach.mx>.
Perrin Harkins wrote:
> On Tue, 2006-11-14 at 12:34 -0700, Iván Chavero wrote:
>
>> I even changed the PerlAuthenHandler value to a non existent module
>> (which i think it should give a startup error) and it gets ignored.
>>
>
> That sounds like a config problem to me. I bet you have another
> Location block that is applying to the same URL and the merge is
> eliminating your Auth settings here. Try removing other Location,
> Directory, and Files blocks from your conf file until it starts to run
> your handler.
>
> - Perrin
>
>
I'm doing tests on a fresh install with one virtual host, here's my
virtualhost config file:
Listen 9443
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crl
SSLPassPhraseDialog builtin
SSLSessionCache shmcb:/usr/local/apache-2.2.3/logs/ssl_scache(512000)
SSLSessionCacheTimeout 300
SSLMutex file:/usr/local/apache-2.2.3/logs/ssl_mutex
<VirtualHost 192.168.1.1:9443>
DocumentRoot "/www/imcsk8.example.com/docs"
ServerName imcsk8.example.com:9443
ServerAdmin ichavero@uach.mx
ErrorLog /www/imcsk8.example.com/logs/error_log
TransferLog /www/imcsk8.example.com/logs/access_log
PerlRequire /www/imcsk8.ti.uach.mx/conf/startup.conf
<Directory "/www/imcsk8.example.com/docs">
Options Indexes FollowSymLinks
AllowOverride None
Order allow,deny
Allow from all
</Directory>
#I use this Location to check if mod_perl is working
Alias /perl /www/imcsk8.example.com/perl
<Location /perl>
SetHandler perl-script
PerlResponseHandler ModPerl::Registry
PerlOptions +ParseHeaders
Options +ExecCGI
Order allow,deny
Allow from all
</Location>
Alias /auth /www/imcsk8.example.com/auth
<Location /auth>
AuthName Omni
AuthType Basic
PerlAuthenHandler Omni::Handler::Web
ErrorDocument 403 /login.html
SetHandler perl-script
PerlResponseHandler ModPerl::Registry
PerlOptions +ParseHeaders +GlobalRequest
Options +ExecCGI
DirectoryIndex index.cgi
require valid-user
</Location>
SSLEngine on
SSLCipherSuite
ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile
/usr/local/apache-2.2.3/conf/ssl/imcsk8.example.com-server.crt
SSLCertificateKeyFile
/usr/local/apache-2.2.3/conf/ssl/imcsk8.example.com-server.key
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory "/usr/local/apache-2.2.3/cgi-bin">
SSLOptions +StdEnvVars
</Directory>
BrowserMatch ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
CustomLog /usr/local/apache-2.2.3/logs/ssl_request_log \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>
--
Iván Chavero
Administrador de Sistemas UNIX
CGTI/DSE
Universidad Autónoma de Chihuahua
ichavero@uach.mx
http://cgti.uach.mx
Tel. 614 439 18 35 ext 1728
Re: PerlAuthenHandler mod_perl 2.0.2, apache 2.2.2 & 2.2.3 problem
Posted by Perrin Harkins <pe...@elem.com>.
On Tue, 2006-11-14 at 12:34 -0700, Iván Chavero wrote:
> I even changed the PerlAuthenHandler value to a non existent module
> (which i think it should give a startup error) and it gets ignored.
That sounds like a config problem to me. I bet you have another
Location block that is applying to the same URL and the merge is
eliminating your Auth settings here. Try removing other Location,
Directory, and Files blocks from your conf file until it starts to run
your handler.
- Perrin