Author: tille Date: 2008-09-29 08:19:04 +0000 (Mon, 29 Sep 2008) New Revision: 2552
Added: trunk/packages/agdbnet/trunk/debian/TODO Modified: trunk/packages/agdbnet/trunk/debian/README.Debian trunk/packages/agdbnet/trunk/debian/postinst Log: Better description of authentication method for agcurate Modified: trunk/packages/agdbnet/trunk/debian/README.Debian =================================================================== --- trunk/packages/agdbnet/trunk/debian/README.Debian 2008-09-29 07:53:30 UTC (rev 2551) +++ trunk/packages/agdbnet/trunk/debian/README.Debian 2008-09-29 08:19:04 UTC (rev 2552) 
@@ -114,4 +114,46 @@ A patch in the Debian packaged version of agdbnet enables this feature which is not (yet) supportet upstream. + +Authentication methods for agcurate.pl +-------------------------------------- + +The agcurate.pl script enables some users - so called curators - +to upload maintain sequences and permissions of other users. To +become a curator an authentication process via Apache authentication +is required. A detailed description of Apache authentication +mechanisms is given at + + http://httpd.apache.org/docs/2.2/howto/auth.html + +For the sake of simplicity and to get something working fast the +most simple method "anonymous" was choosen for this Debian package. +This methods provides nearly non security for your agdbnet database +because everybaody who is able to guess the name of a user who is +registered as a curator and just uses any email-ish string as +password (it just has to contain a '@' and a '.' and is not matched +against the email string in the database) gets access to maintenance +of the database. In most cases this situation is not acceptable +and thus you are strongly encouraged to use a stronger Apache +authentication method. If the users who should be enabled to work +as curators are in an environment with LDAP authentication it is +strongly recommended to use Apaches LDAP authentication method which +is described here + + http://httpd.apache.org/docs/2.2/mod/mod_authnz_ldap.html + +To enable apache to use this method you have to enable the +necessary modules via + + ln -s ../mods-available/auth_ldap.load /etc/apache2/mods-enabled + ln -s ../mods-available/authnz_ldap.load /etc/apache2/mods-enabled + +In principle this should be possible using apache-modconf + + apache-modconf apache enable auth_ldap + apache-modconf apache enable authnz_ldap + +but in my tests this did not worked unfortunately so the method to +place the symlinks manually should be prefered for the moment. 
+ -- Andreas Tille <[EMAIL PROTECTED]>, Wed, 24 Sep 2008 14:23:04 +0200 Added: trunk/packages/agdbnet/trunk/debian/TODO =================================================================== --- trunk/packages/agdbnet/trunk/debian/TODO (rev 0) +++ trunk/packages/agdbnet/trunk/debian/TODO 2008-09-29 08:19:04 UTC (rev 2552) @@ -0,0 +1,4 @@ +What is the sense of apache-modconf? +The command + apache-modconf apache enable authn_anon +does nothing and I have to manually do Modified: trunk/packages/agdbnet/trunk/debian/postinst =================================================================== --- trunk/packages/agdbnet/trunk/debian/postinst 2008-09-29 07:53:30 UTC (rev 2551) +++ trunk/packages/agdbnet/trunk/debian/postinst 2008-09-29 08:19:04 UTC (rev 2552) @@ -131,12 +131,23 @@ /usr/share/${pkg}/xml2sql.pl -u '"www-data"' "$XMLOUT" > "$SQLDIR"/"$XMLNAME".sql chmod 666 "$SQLDIR"/"$XMLNAME".sql + # Enable Apache anonymous authentication for agcurate.pl + # script + # apache-modconf apache enable authn_anon + # I have no idea for what purpose apache-modconf exists - + # at least it does not set the necessary link - so do it + # manually here ... + ln -s ../mods-available/authn_anon.load /etc/apache2/mods-enabled # Restart Apache to register configuration for agcurator - if [ -x /usr/sbin/invoke-rc.d ]; then - invoke-rc.d apache2 reload 3>/dev/null || true - else - /etc/init.d/apache2 reload 3>/dev/null || true - fi + if apache2ctl configtest 2>/dev/null; then + if [ -x /usr/sbin/invoke-rc.d ]; then + invoke-rc.d apache2 reload 3>/dev/null || true + else + /etc/init.d/apache2 reload 3>/dev/null || true + fi + else + echo "Your apache2 configuration is broken, so we're not restarting it for you." + fi ;; abort-upgrade|abort-remove|abort-deconfigure) _______________________________________________ debian-med-commit mailing list [email protected] http://lists.alioth.debian.org/mailman/listinfo/debian-med-commit
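Review bot: In the README.Debian hunk, the new section states that the packaged "anonymous" method provides nearly no security and tells admins to move to LDAP, but it only shows how to enable modules and never says how to undo the default. Suggest naming the configuration file that carries the authentication directives for agcurate.pl, and stating that the `authn_anon.load` link created by postinst should be removed once a stronger method is configured. Typos in the added lines worth fixing in the same pass: "choosen", "This methods", "nearly non security", "everybaody", "Apaches", "did not worked", "prefered", and "upload maintain" is missing a conjunction.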
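Review bot: The new debian/TODO entry stops mid-sentence at "I have to manually do" without naming the manual step. Suggest finishing it with the `ln -s ../mods-available/authn_anon.load /etc/apache2/mods-enabled` line that postinst now carries, so the open question can be reproduced by someone else. The entry could also record that the command is given the server name `apache` while the link is needed under /etc/apache2; the apache2 packages ship a2enmod for enabling modules, which may be the tool to try instead.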
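Review bot: In the postinst hunk, the added `ln -s ../mods-available/authn_anon.load /etc/apache2/mods-enabled` has no existence check, so on a second run of this configure branch (upgrade or reinstall) the link is already there and ln returns an error. Suggest guarding it with a test for the link or using `ln -sf`, and having the removal scripts delete the link again. The same line unconditionally turns on the method that README.Debian in this commit describes as giving nearly no security, so a prompt or at least a notice printed at install time would help the admin. Separately, the reload lines use `3>/dev/null`, which redirects file descriptor 3 rather than stderr; `2>/dev/null` looks like what was meant. The comment and the echo message also say "restart" where the command run is a reload.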
