[BackupPC-users] Apache auth back-end incompatability?

Mon, 08 Aug 2022 17:19:38 -0700 

I have a backuppc instance which is set up in the "standard" configuration,
using Apache's ExecCGI with the index.pl script being setuid to backuppc.

Using the example authentication block for the Apache config, everything
has been working as expected.  The 'htpasswd' file referenced below has
only the default "backuppc" user in it.
        AuthUserFile /etc/backuppc/htpasswd
        AuthType basic
        AuthName "BackupPC admin"
        <RequireAll>
            Require valid-user
        </RequireAll>

I'm trying to replace this with our internal standard config, which is to
authenticate against an internal fcgi-based AuthNZ server.  As part of this
migration I changed CgiAdminUsers to '*'.
        AuthType basic
        AuthBasicProvider   PortalAuthnz
        AuthName "BackupPC admin"
        <RequireAll>
            Require user "u...@example.com"
        </RequireAll>

This sortof-works.  Apache authenticates the user, and backuppc's CGIs
generate the right pages and do not complain about an unauthenticated
user.  However, any backuppc CGIs that generate an Image do not work.  On
the main page I'm getting broken image icons where the pool graphs should
be.  If I try to hit the image-generating URLs directly, I get 16x16 white
blocks.  In both cases, Apache logs an HTTP 200 result, along with the
correct authenticated user name.   I've checked the headers returned (using
Chrome Dev tools) and I'm also seeing a 200 there.

I'm not sure if I should be expecting to see CGI activity sent to LogDir,
but I see neither error nor success logged there
(/var/lib/backuppc/log/LOG).

On the theory that somehow the CGIs were breaking when they saw an email
address instead of a single username, I tried shoving the relevant email
addresses into the AuthUserFile based setup, and that worked as expected.

My working theory right now is that there's some inherent incompatibility
between the image-generation functions of index.pl and
mod_authnz_external.  But, I've got no idea how to troubleshoot that
further.

Anyone have any suggestions?

_______________________________________________
BackupPC-users mailing list
BackupPC-users@lists.sourceforge.net
List:    https://lists.sourceforge.net/lists/listinfo/backuppc-users
Wiki:    https://github.com/backuppc/backuppc/wiki
Project: https://backuppc.github.io/backuppc/














    











					Reply via email to