I had started this thread with some direct emails ... but joined this
mail list to broaden my search for answers ... please ..
Rick
Begin forwarded message:
From: Rick Hill <[email protected]>
Date: August 6, 2009 10:19:54 AM PDT
To: Phil Ames <[email protected]>, Chris Adams <[email protected]
>
Cc: Brian Donnelly <[email protected]>
Subject: Re: mod_auth_cas on OS X Server
Thanks, Phil.
I can use Basic authentication to access the protected resource when
the user is a system defined user account or from a userfile.
However, enabling mod_auth_cas still gives the same error. How is
it that Apache authorization is supposed to "map" the authorization
information returned by mod_auth_cas? Is it supposed to just map
the authenticated userid against .. something? Certainly I wouldn't
have (nor want) the user's campus login password locally. I also
do not want to create separate user accounts locally for each user.
Ideally, mod_auth_cas returns the valid userid and Apache matches
that against a flat file, dbm file or mysql entry.
As I get a little breathing space, I will enable LogLevel Debug and
see what I get ...
Rick
On Aug 5, 2009, at 6:23 PM, Phil Ames wrote:
Hi Rick,
The attribute with the uconn.edu string in it is just the XML
namespace for that document
(http://en.wikipedia.org/wiki/XML_Namespace). It should not have any
impact on whether or not the module properly authenticates users or
can parse the file.
That being said, your configuration does look sound. As Chris
suggests, were you able to get this working with an AuthType basic,
and then move over to AuthType CAS? The error message does not seem
mod_auth_cas specific, but more like an issue that Apache has with
being able to validate that whatever authenticated user it sees has
access to the resource. I would also recommend ensuring that Apache
is set to LogLevel Debug (on both the server level and vhost level)
to
see if that provides any additional information.
Thanks,
-Phil
On Tue, Aug 4, 2009 at 6:33 PM, Rick Hill<[email protected]> wrote:
Chris,
I was just using the examples for deploying mod_auth_cas our
campus has
provided ...
<Location /auth_secure/>
<IfModule mod_auth_cas.c>
AuthType CAS
Require valid-user
</IfModule>
</Location>
There was no specification for either a AuthUserFile or
AuthGroupFile. I
will test some basic authentication, however, I have Apche
protected realms
on the server that work just fine ...
I note that the cookie/cache file begins with the line:
<cacheEntry xmlns="http://uconn.edu/cas/mod_auth_cas";>
Is this correct?
Rick
On Aug 4, 2009, at 2:46 PM, Chris Adams wrote:
What's the config look like? You'll still need a normal AuthGroup
file -
have you tried this with a regular AuthUserFile without CAS at all?
Chris
On Aug 4, 2009, at 5:12 PM, Rick Hill <[email protected]> wrote:
I have been trying to implement mod_auth_cas on Mac OS X 10.5.x
Server.
Using the default installation (Apache/2.2.11 (Unix) mod_ssl/
2.2.11
OpenSSL/0.9.7l DAV/2 mod_perl/2.0.2 Perl/v5.8.8). Had issues
with apxs not
runnimng correctly. Fixed that (we think). However, now a
protected
directory does a CAS challenge but returns a 500 error.
The Apache error log shows:
[crit] [client 169.XXX.XXX.XXX] configuration error: couldn't
check
access. No groups file?: /auth_secure/index.html, referer:
http://hostname.name.edu/
The session cookie file is being written to the defined path ...
Any idea of why this is not working or nay place I can get advise?
~~~~~~~~~~~~~~~~~~~~~~~~~~~
Rick Hill, Webmaster
Academic Computing Services
College of Engineering
2160 Kemper Hall
Davis, CA 95616-5293
Office: (530) 752-1616
FAX: (530) 752-4465
Email: [email protected]
Web: http://engineering.ucdavis.edu
UNIVERSITY OF CALIFORNIA, DAVIS
--
You are currently subscribed to [email protected] as:
[email protected]
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user
