You are viewing a plain text version of this content. The canonical link for it is here.

Posted to modperl@perl.apache.org by Tomasz Konefal <to...@compt.com> on 2002/01/07 18:04:22 UTC

problems with Apache::AuthTicket

greetings,

   i'm hoping that someone out there can help me out with my AuthTicket 
troubles.

   first, i require a simple way to authenticate and authorize users for 
a little intranet site.  from what i could find, AuthTicket looks like 
the best way to do this (is there something better?).  PageKit also 
looks nice, but it's probably overkill for what i need.

   i've installed AuthTicket onto a FreeBSD 4.4 box running Apache. 
here is a snippet from the http error log.

---snip---
[Mon Jan  7 11:11:57 2002] [error] ENTRY Apache::AuthTicket::dbi_connect 
[line 215]
returning [DBI:Pg:dbname=ftpfudb] for TicketDB at 
/usr/local/lib/perl5/site_perl
/5.005/Apache/AuthTicket.pm line 104.
returning [ftpfu] for TicketDBUser at 
/usr/local/lib/perl5/site_perl/5.005/Apache/AuthTicket.pm line 104.
returning [in10se] for TicketDBPassword at 
/usr/local/lib/perl5/site_perl/5.005/
Apache/AuthTicket.pm line 104.
<< DESTROY CALLED >> at 
/usr/local/lib/perl5/site_perl/5.005/Apache/AuthTicket.pm line 227.
---snip---

here is the relevant portion of my httpd.conf file:

---snip---
## set AuthTicket defaults
##
PerlModule Apache::AuthTicket
PerlSetVar FtpFuTicketDB DBI:Pg:dbname=ftpfudb
PerlSetVar FtpFuTicketDBUser ftpfu
PerlSetVar FtpFuTicketDBPassword mypass
PerlSetVar FtpFuTicketTable tickets:ticket_hash:ts
PerlSetVar FtpFuTicketUserTable users:username:passwd
PerlSetVar FtpFuTicketPasswordStyle cleartext
PerlSetVar FtpFuTicketSecretTable ticketsecrets:sec_version:sec_data
PerlSetVar FtpFuTicketExpires 15
PerlSetVar FtpFuTicketLogoutURI /authorized/ftpfu.cgi
PerlSetVar FtpFuTicketLoginHandler /ftpfulogin
PerlSetVar FtpFuTicketIdleTimeout 1
PerlSetVar FtpFuPath /
PerlSetVar FtpFuDomain .compt.com
PerlSetVar FtpFuSecure 1
PerlSetVar FtpFuLoginScript /ftpfuloginform

## set access restrictions
##
<Location /authorized>
     AuthType            Apache::AuthTicket
     AuthName            FtpFu
     PerlAuthenHandler   Apache::AuthTicket->authenticate
     PerlAuthzHandler    Apache::AuthTicket->authorize
     require valid-user
</Location>

## how to display login and logout forms
##
<Location /ftpfuloginform>
     AuthType            Apache::AuthTicket
     AuthName            FtpFu
     SetHandler          perl-script
     PerlHandler         Apache::AuthTicket->login_screen
</Location>

<Location /ftpfulogin>
     AuthType            Apache::AuthTicket
     AuthName            FtpFu
     SetHandler          perl-script
     PerlHandler         Apache::AuthTicket->login
</Location>

<Location /authorized/logout>
     AuthType            Apache::AuthTicket
     AuthName            FtpFu
     SetHandler          perl-script
     PerlHandler         Apache::AuthTicket->logout
</Location>
---snip---

i've set up a postgresql database with the appropriate tables and 
permissios.  this script can access this database without any difficulty:

---snip---
#!/usr/bin/perl
use DBI;
   my $dbh=DBI->connect('DBI:Pg:dbname=foodb', 'foouser', 'foopasswd')
   or die "couldn't connect: " . DBI->errstr;
   $dbh->disconnect;
---snip---

when i try to access the 'authorized/' portion of the site i get the 
login page.  when i submit a blank login form, i get the above httpd 
error log.  if i fill it in, i also get that error log.  at no time am i 
prompted to set a cookie (mozilla is set to ask if i want to allow cookies).

another thing to note is that i've got two versions of perl installed. 
the original 5.005 which came with freebsd, and an updated one which i 
got from CPAN.  @INC shows:

     /usr/local/lib/perl5/5.6.1/i386-freebsd
     /usr/local/lib/perl5/5.6.1
     /usr/local/lib/perl5/site_perl/5.6.1/i386-freebsd
     /usr/local/lib/perl5/site_perl/5.6.1
     /usr/local/lib/perl5/site_perl/5.005/i386-freebsd
     /usr/local/lib/perl5/site_perl/5.005
     /usr/local/lib/perl5/site_perl

so, i'm hoping that's not the problem.

can anyone help me out with this difficulty?

thanks,
   twkonefal

Re: problems with Apache::AuthTicket

Posted by Michael Schout <ms...@gkg.net>.

Tomasz Konefal wrote:

> PerlSetVar FtpFuTicketSecretTable ticketsecrets:sec_version:sec_data

> PerlSetVar FtpFuTicketExpires 15
> PerlSetVar FtpFuTicketLogoutURI /authorized/ftpfu.cgi
> PerlSetVar FtpFuTicketLoginHandler /ftpfulogin
> PerlSetVar FtpFuTicketIdleTimeout 1
> PerlSetVar FtpFuPath /
> PerlSetVar FtpFuDomain .compt.com
> PerlSetVar FtpFuSecure 1
> PerlSetVar FtpFuLoginScript /ftpfuloginform

A few things that might cause this:

1) Did you remember to create a secret key in table "ticketsecrets"?
2) Are you accessing the forms using HTTPS (NOT HTTP)? You need to use
HTTPS if ${AuthName}Secure is true (which it is above).
3) Make sure FtpFuDomain matches the hostname you are accessing.

Everything else looks fine as far as I can tell.

Mike