interesting problem with mod_auth/AuthAuthoritative
am 25.10.2004 16:35:29 von speevesHi!
I had some problems with getting Apache 2.0.52 compiled from source on
Debian unstable to DECLINE from mod_auth authentication, to mod_ldap.
Apparently, the problem was that AuthAuthoritative was being reset to
1. After debugging with gdb, I found that this was happening here:
modules/aaa/mod_auth.c
static int authenticate_basic_user(request_rec *r)
{
auth_config_rec *conf = ap_get_module_config(r->per_dir_config,
&auth_module); // this
is called per request
const char *sent_pw;
char *real_pw;
apr_status_t invalid_pw;
int res;
in the *conf call. What happened was that I set AuthAuthoritative in
the httpd.conf file, in the
AuthUserFile and AuthGroupFile in the .htaccess file. For whatever
reason, AuthAuthoritative, (which was originally set to 'off'), was
being reset to its default value of 'on', which is set in:
modules/aaa/mod_auth.c
static void *create_auth_dir_config(apr_pool_t *p, char *d)
{
auth_config_rec *conf = apr_palloc(p, sizeof(*conf));
....
conf->auth_authoritative = 1; /* keep the fortress secure by default */
return conf;
}
everytime authenticate_basic_user() was being called. This would not
allow mod_auth to hand-off authentication to mod_ldap.
The fix to this problem was to put AuthAuthoritative, AuthUserFile, and
AuthGroupFile all in one place, (either in the httpd.conf file, or in
..htaccess).
Is there a reason why you can't set AuthAuthoritative globally, and then
Auth*File in the .htaccess file?
--
Shannon Eric Peevey => "speeves"
Dyno-Mite! System Administrator => speeves@unt.edu
Central Web Support => (940) 369-8876
University of North Texas => http://web2.unt.edu
------------------------------------------------------------ ---------
The official User-To-User support forum of the Apache HTTP Server Project.
See
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org