For waht its worth, I've gotten the Apache-AuthCookie & Apache-AuthCookieDBI to work with my apache configured as:
Apache/2.0.44 (Unix) mod_perl/1.99_09-dev Perl/v5.8.0 mod_ssl/2.0.44 OpenSSL/0.9.6g DAV/2 PHP/4.3.0 mod_jk2/2.0.2
I hope someone finds this a bit usefull, sorry to post here if this is not the correct forum
It works fine with the following modperl.conf parameters:
(Cookies are not created if "domain" is set)
PerlModule Apache::compat
PerlModule ModPerl::Registry
PerlModule Apache::AuthDBI
PerlModule Apache::AuthenIMAP
PerlTaintCheck Off
Alias /modperl/ "/opt/apache2/modperl/"
<Directory "/opt/apache2/modperl">
Options Indexes MultiViews All
AllowOverride FileInfo AuthConfig Limit
<Limit GET POST PUT>
Order allow,deny
Allow from 192.168.250.
Deny from 192.168.250.199
</Limit>
</Directory>
<Location /modperl>
SetHandler perl-script
PerlOptions +GlobalRequest
PerlResponseHandler ModPerl::Registry
Options +ExecCGI
</Location>
# This PerlSetVar MUST precede the PerlModule line because the
# key is read in a BEGIN block when the module is loaded.
PerlSetVar ECGDBI_SecretKeyFile /opt/apache2/conf/ec-group.com.key
PerlModule Apache::AuthCookieDBI
PerlSetVar AuthCookieDebug 0
PerlSetVar ECGPath /protected
# Usually documents are uncached - turn off here
PerlSetVar ECGCache 1
PerlSetVar ECGLoginScript /modperl/authLogin.pl
# Optional, to share tickets between servers.
# PerlSetVar ECGDomain .ec-group.com
# These must be set
PerlSetVar ECGDBI_DSN "DBI:Pg:dbname=acl;host=localhost"
# Sample for postgreSQL to populate users:
# Schema for creating the database tables for an authentication system.
#CREATE TABLE users (
# username CHAR(16) PRIMARY KEY,
# passwd VARCHAR(50)
#);
#CREATE TABLE groups (
# org CHAR(16),
# username CHAR(16)
#);
# These are optional, the module sets sensible defaults.
PerlSetVar ECGDBI_User "XXXX"
PerlSetVar ECGDBI_Password "XXXX"
PerlSetVar ECGDBI_UsersTable "users"
PerlSetVar ECGDBI_UserField "username"
PerlSetVar ECGDBI_PasswordField "passwd"
PerlSetVar ECGDBI_CryptType "md5"
PerlSetVar ECGDBI_GroupsTable "groups"
PerlSetVar ECGDBI_GroupField "org"
PerlSetVar ECGDBI_GroupUserField "username"
PerlSetVar ECGDBI_EncryptionType "none"
PerlSetVar ECGDBI_SessionLifetime 00-24-00-00
# Protected by AuthCookieDBI.
<Location /protected>
AuthType Apache::AuthCookieDBI
AuthName ECG
#SetHandler perl-script
PerlOptions +GlobalRequest
Options ExecCGI
PerlAuthenHandler Apache::AuthCookieDBI->authenticate
PerlAuthzHandler Apache::AuthCookieDBI->authorize
require valid-user
require group ec-group
</Location>
# Login location.
<Files LOGIN>
AuthType Apache::AuthCookieDBI
AuthName ECG
PerlOptions +GlobalRequest
SetHandler perl-script
PerlResponseHandler Apache::AuthCookieDBI->login
</Files>
--
Brian Millett Enterprise Consulting Group "Shifts in paradigms
(314) 205-9030 often cause nose bleeds."
[EMAIL PROTECTED] Greg Glenn
--- Apache-AuthCookie-3.04/AuthCookie.pm Wed Sep 25 11:44:31 2002
+++ AuthCookie.pm Fri Feb 14 13:23:56 2003
@@ -4,9 +4,9 @@
use Carp;
use mod_perl qw(1.07 StackedHandlers MethodHandlers Authen Authz);
-use Apache::Constants qw(:common M_GET FORBIDDEN REDIRECT);
+use Apache::Constants qw(:common M_GET HTTP_FORBIDDEN HTTP_MOVED_TEMPORARILY);
use Apache::AuthCookie::Util;
-use Apache::Util qw(escape_uri);
+use Apache::Util qw(escape_path);
use vars qw($VERSION);
# $Id: AuthCookie.pm,v 2.39 2002/09/25 16:44:31 mschout Exp $
@@ -26,7 +26,7 @@
my ($user,@args) = $auth_type->authen_ses_key($r, $cookie);
if ($user and scalar @args == 0) {
$r->log_error("user is $user") if $debug >= 2;
- $r->connection->user($user);
+ $r->user($user);
} elsif (scalar @args > 0 and $auth_type->can('custom_errors')) {
return $auth_type->custom_errors($r, $user, @args);
}
@@ -51,7 +51,7 @@
or $name =~ /^credential_\d+$/;
$value = '' unless defined $value;
- push @pairs, escape_uri($name) . '=' . escape_uri($value);
+ push @pairs, escape_path($name,$r->pool) . '=' . escape_path($value,$r->pool);
}
$r->args(join '&', @pairs) if scalar(@pairs) > 0;
@@ -108,7 +108,7 @@
$r->err_header_out("Pragma" => "no-cache");
}
$r->header_out("Location" => $args{'destination'});
- return REDIRECT;
+ return HTTP_MOVED_TEMPORARILY;
}
sub logout($$) {
@@ -132,7 +132,7 @@
#my %args = $r->args;
#if (exists $args{'redirect'}) {
# $r->err_header_out("Location" => $args{'redirect'});
- # return REDIRECT;
+ # return HTTP_MOVED_TEMPORARILY;
#} else {
# $r->status(200);
# return OK;
@@ -179,8 +179,8 @@
# Tell the rest of Apache what the authentication method and
# user is.
- $r->connection->auth_type($auth_type);
- $r->connection->user($auth_user);
+ $r->auth_type($auth_type);
+ $r->user($auth_user);
$r->log_error("user authenticated as $auth_user") if $debug >= 1;
return OK;
@@ -229,9 +229,9 @@
return SERVER_ERROR;
}
#$r->log_error("Redirecting to $authen_script");
- $r->custom_response(FORBIDDEN, $authen_script);
+ $r->custom_response(HTTP_FORBIDDEN, $authen_script);
- return FORBIDDEN;
+ return HTTP_FORBIDDEN;
}
sub satisfy_is_valid {
@@ -266,11 +266,11 @@
my $reqs_arr = $r->requires or return DECLINED;
- my $user = $r->connection->user;
+ my $user = $r->user;
unless ($user) {
# user is either undef or =0 which means the authentication failed
$r->log_reason("No user authenticated", $r->uri);
- return FORBIDDEN;
+ return HTTP_FORBIDDEN;
}
my $satisfy = $auth_type->get_satisfy($r);
@@ -313,7 +313,7 @@
$forbidden = 1;
}
- return $forbidden ? FORBIDDEN : OK;
+ return $forbidden ? HTTP_FORBIDDEN : OK;
}
sub send_cookie {
@@ -533,7 +533,7 @@
=back
This is the flow of the authentication handler, less the details of the
-redirects. Two REDIRECT's are used to keep the client from displaying
+redirects. Two HTTP_MOVED_TEMPORARILY's are used to keep the client from displaying
the user's credentials in the Location field. They don't really change
AuthCookie's model, but they do add another round-trip request to the
client.
@@ -544,7 +544,7 @@
(-----------------------) +---------------------------------+
( Request a protected ) | AuthCookie sets custom error |
( page, but user hasn't )---->| document and returns |
- ( authenticated (no ) | FORBIDDEN. Apache abandons |
+ ( authenticated (no ) | HTTP_FORBIDDEN. Apache abandons |
( session key cookie) ) | current request and creates sub |
(-----------------------) | request for the error document. |<-+
| Error document is a script that | |
@@ -634,7 +634,7 @@
in your subclass, which will then be called. The method will be
called as C<$r-E<gt>species($r, $args)>, where C<$args> is everything
on your C<require> line after the word C<hamster>. The method should
-return OK on success and FORBIDDEN on failure.
+return OK on success and HTTP_FORBIDDEN on failure.
Currently users must satisfy ALL of the C<require> directives. I have
heard that other Apache modules let the user satisfy ANY of the
--- Apache-AuthCookieDBI-1.19/AuthCookieDBI.pm Fri May 10 02:14:09 2002
+++ AuthCookieDBI.pm Fri Feb 14 13:23:56 2003
@@ -37,7 +37,7 @@
use Apache;
use Apache::DBI;
-use Apache::Constants;
+use Apache::Constants qw(:common M_GET HTTP_FORBIDDEN HTTP_MOVED_TEMPORARILY);
use Apache::File;
use Digest::MD5 qw( md5_hex );
use Date::Calc qw( Today_and_Now Add_Delta_DHMS );
@@ -700,7 +700,7 @@
# Get the configuration information.
my %c = _dbi_config_vars $r;
- my $user = $r->connection->user;
+ my $user = $r->user;
# See if we have a row in the groups table for this user/group.
my $dbh = DBI->connect( $c{ DBI_DSN },
@@ -722,7 +722,7 @@
return OK if ( $sth->fetchrow_array );
}
$r->log_reason( "Apache::AuthCookieDBI: user $user was not a member of any of
the required groups @groups for auth realm $auth_name", $r->uri );
- return FORBIDDEN;
+ return HTTP_FORBIDDEN;
}
1;--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
