Jose Parrella wrote:

>> Try to give a name to the resource that you are trying to protect.
>
> I named the resource, also, in one of my tests. I'm also aware that
> you have a test webserver where plaintext auth actually works.
>
> However, I think I found a workaround (and hit a bug?). Seems like
> authentication doesn't work if applied to the root directory of a
> server, and when user has at least Lynx and Firefox. When I changed
> Directory / to Directory /test, it worked (well PAM didn't but
> anyway I won't use PAM over plain HTTP)
>
> So, now: Is there any way to require authentication for the
> DocumentRoot of a server in Cherokee? (besides requiring
> authentication on a per-extension basis)

  You're right, you've found a bug. Here is the patch:

    http://www.0x50.org/bugs/changeset/321

  and here is a new beta version of the next stable release that
  already includes it:

    http://www.alobbs.com/tmp/cherokee-0.5.4b3.tar.gz

>>> 2) When I try to wget the webpage it says 401 Authorization required. If
>>> I specify the information in the CLI, it downloads the webpage.
>>
>>   This is the expected behavior, actually.
>
> The only problem is that most of my users use Firefox/Internet Explorer
> to access my webpages. I would have to force them to use (at least)
> wget to do this. I also tested with Lynx, but I'm getting the same 401
> without asking for credentials (when trying to authenticate /)

  I'm wondering if I've understood the problem. The problem is that
  your users are receiving an error message without any dialog box
  coming up to ask them for the user and password?

  If so, I think there are two possible sources for the problem. It
  might be that either there was no "Name" entry inside the "Auth"
  block, or it was because of the bug that you found.

>>   Could you please tell me how you created it?  I'd like to try to
>>   reproduce the problem; I've tried, but it works for me.
>
> 1. First try
>
> /usr/lib/ssl/misc/CA.pl -newca
> /usr/lib/ssl/misc/CA.pl -newreq
> /usr/lib/ssl/misc/CA.pl -newsign
>
> Then I copy newkey.pem and newcert.pem to /etc/cherokee/ssl and change
> the paths in /etc/cherokee/mods-enabled/ssl accordingly (newkey.pem for
> the private key, PEM encoded; newcert.pem for the certificate and CA
> list files, PEM encoded)
>
> When I try to boot cherokee I get the following error:
> virtual_server.c:281: ERROR: reading X.509 key
> '/etc/cherokee/ssl/newkey.pem' or certificate
> '/etc/cherokee/ssl/newcert.pem' file
>
> 2. Second try
>
> openssl req -config /etc/ssl/openssl.cnf -new -x509 -nodes -out
> /etc/cherokee/ssl/cherokee.pem -keyout /etc/cherokee/ssl/cherokee.pem
>
> Then Cherokee "boots" but it doesn't respond to HTTP or HTTPS requests.

  Check out the last comment of this bug:

    http://www.0x50.org/bugs/ticket/53

  I bet it is because of the random number generation. Could you check
  where it gets stuck? (with strace or truss)

-- 
Greetings, alo.
http://www.alobbs.com
_______________________________________________
Cherokee mailing list
[email protected]
http://www.0x50.org/cgi-bin/mailman/listinfo/cherokee
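
The symptom discussed above (a 401 that never brings up a login dialog) can be checked from the response headers: a client can only prompt if the 401 carries a WWW-Authenticate challenge. This is an added example, not part of the original thread and not Cherokee code; the sample responses are constructed, and the names `parse_head` and `diagnose` are hypothetical.

```python
import re

# Constructed sample responses; not captured from a real Cherokee server.
SAMPLES = {
    "no_header": b"HTTP/1.1 401 Authorization Required\r\nContent-Length: 0\r\n\r\n",
    "no_realm": b"HTTP/1.1 401 Authorization Required\r\nWWW-Authenticate: Basic\r\n\r\n",
    "named": b'HTTP/1.1 401 Authorization Required\r\n'
             b'WWW-Authenticate: Basic realm="Private area"\r\n\r\n',
    "digest": b'HTTP/1.1 401 Authorization Required\r\n'
              b'WWW-Authenticate: Digest realm="x", nonce="abc"\r\n\r\n',
    "fine": b"HTTP/1.1 200 OK\r\nContent-Length: 2\r\n\r\nhi",
}

# realm="quoted string" or realm=token
REALM_RE = re.compile(r'\brealm\s*=\s*(?:"((?:[^"\\]|\\.)*)"|([^\s,"]+))', re.IGNORECASE)

def parse_head(raw):
    """Return (status_code, [(lowercased header name, value), ...])."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    status_line, *header_lines = head.split("\r\n")
    status = int(status_line.split()[1])
    headers = []
    for line in header_lines:
        name, sep, value = line.partition(":")
        if sep:
            headers.append((name.strip().lower(), value.strip()))
    return status, headers

def diagnose(raw):
    """Classify a response as (verdict, auth scheme, realm)."""
    status, headers = parse_head(raw)
    if status != 401:
        return ("not-401", None, None)
    challenges = [v for n, v in headers if n == "www-authenticate" and v]
    if not challenges:
        # Nothing for the client to prompt with: bare error page, no dialog.
        return ("no-challenge", None, None)
    scheme = challenges[0].split(None, 1)[0].lower()
    m = REALM_RE.search(challenges[0])
    if m is None:
        return ("missing-realm", scheme, None)
    realm = m.group(1) if m.group(1) is not None else m.group(2)
    return ("challenge-ok", scheme, realm)

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(label, diagnose(raw))
```

A `basic` scheme in the result means the password travels base64-encoded, not encrypted, so it is worth noting whether the request went over HTTP or HTTPS.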