Send modauthtkt-users mailing list submissions to
modauthtkt-users@lists.sourceforge.net
To subscribe or unsubscribe via the World Wide Web, visit
https://lists.sourceforge.net/lists/listinfo/modauthtkt-users
or, via email, send a message with subject or body 'help' to
[EMAIL PROTECTED]
You can reach the person managing the list at
[EMAIL PROTECTED]
When replying, please edit your Subject line so it is more specific
than "Re: Contents of modauthtkt-users digest..."
Today's Topics:
1. Re: mod_auth_tkt and apache 2.2 (Gavin Carr)
2. FilesMatch and mod_rewrite [slightly offtopic] (Michael Peters)
3. Re: FilesMatch and mod_rewrite [slightly offtopic] (Peter Karman)
4. Re: FilesMatch and mod_rewrite [slightly offtopic]
(Michael Peters)
5. Re: FilesMatch and mod_rewrite [slightly offtopic]
(Jose Luis Martinez)
6. Apache::AuthTkt 0.08 released (Gavin Carr)
7. Re: Apache::AuthTkt 0.08 released (Peter Karman)
8. Re: Apache::AuthTkt 0.08 released (Jose Luis Martinez)
9. mod_auth_tkt 2.0.0rc3 released (Gavin Carr)
10. TKTAuthLoginURL using server ip addr? (Brian Kuschak)
11. Re: TKTAuthLoginURL using server ip addr? (Gavin Carr)
----------------------------------------------------------------------
Message: 1
Date: Sun, 2 Mar 2008 20:44:05 +1100
From: Gavin Carr <[EMAIL PROTECTED]>
Subject: Re: [modauthtkt-users] mod_auth_tkt and apache 2.2
To: modauthtkt-users@lists.sourceforge.net
Message-ID: <[EMAIL PROTECTED]>
Content-Type: text/plain; charset=us-ascii
On Fri, Feb 29, 2008 at 08:15:01AM -0600, Peter Karman wrote:
> On 02/29/2008 07:38 AM, [EMAIL PROTECTED] wrote:
>
> > Apache depreceates the use of pcreposix and favors ap_regex instead.
> > Mod_auth_tkt still
> > uses pcreposix, which has to be included seperately as it is no longer part
> > of the
> > apache source code distribution.
> >
> > Is somebody working on this? I am not a big coder myself, but I could give
> > it a shot
> > possibly...
>
> There have been a couple patches already sent to this list to address that
> issue (and
> other 2.2 issues). Search the archives.
>
> Not sure if/when Gavin intends to apply them and push out another RC.
Gavin is, and hopefully soon. Recent work storms appear to be abating ...
Cheers,
Gavin
------------------------------
Message: 2
Date: Tue, 04 Mar 2008 16:23:40 -0500
From: Michael Peters <[EMAIL PROTECTED]>
Subject: [modauthtkt-users] FilesMatch and mod_rewrite [slightly
offtopic]
To: mod_perl <[EMAIL PROTECTED]>
Cc: modauthtkt <modauthtkt-users@lists.sourceforge.net>
Message-ID: <[EMAIL PROTECTED]>
Content-Type: text/plain; charset=ISO-8859-1
We have a web application that uses authentication, and we task mod_auth_tkt
with that. Authentication takes place on the proxy, and CGI requests are passed
to a second mod_perl server using mod_rewrite.
We recently ran into the following problem, however. We are putting the auth_tkt
directives inside a FilesMatch block thusly:
<FilesMatch "\.(html|cgi|pl)">
....
</FilesMatch>
For static HTML that is served by the proxy (i.e. that mod_rewrite doesn't pass
onto mod_perl), mod_auth_tkt successfully redirects to the login page as
configured. But requests for .pl files are not blocked in this way --
mod_rewrite sends those to the mod_perl server, where mod_auth_tkt is not
running.
Now, if we change things up a little, and use <LocationMatch> as the container
for the auth_tkt directives, that will successfully catch all requests to .html
and .pl files in that location.
Thus, in the first case, it looks like mod_rewrite is doing its thing before
mod_auth_tkt gets a chance to forward the user to the login page, but in the
second case, mod_auth_tkt gets to look at the request before mod_rewrite does
its thing.
The apache docs indicate that LocationMatch blocks are evaluated before
FilesMatch, so our guess is that perhaps mod_rewrite is doing its thing in
between?
Can anyone shed some light on when mod_auth_tkt and mod_rewrite handle the
request? We'd love to be able to use FilesMatch for various reasons, and we
don't want a second mod_auth_tkt running on the mod_perl server.
--
Michael Peters
Plus Three, LP
------------------------------
Message: 3
Date: Tue, 04 Mar 2008 15:40:05 -0600
From: Peter Karman <[EMAIL PROTECTED]>
Subject: Re: [modauthtkt-users] FilesMatch and mod_rewrite [slightly
offtopic]
To: modauthtkt-users@lists.sourceforge.net
Message-ID: <[EMAIL PROTECTED]>
Content-Type: text/plain; charset=UTF-8
On 03/04/2008 03:23 PM, Michael Peters wrote:
>
> The apache docs indicate that LocationMatch blocks are evaluated before
> FilesMatch, so our guess is that perhaps mod_rewrite is doing its thing in
> between?
>
> Can anyone shed some light on when mod_auth_tkt and mod_rewrite handle the
> request? We'd love to be able to use FilesMatch for various reasons, and we
> don't want a second mod_auth_tkt running on the mod_perl server.
>
do you have a [PT] (passthrough) flag on the relevant mod_rewrite lines?
Also, what version of Apache is the proxy?
--
Peter Karman . [EMAIL PROTECTED] . http://peknet.com/
------------------------------
Message: 4
Date: Tue, 04 Mar 2008 16:40:43 -0500
From: Michael Peters <[EMAIL PROTECTED]>
Subject: Re: [modauthtkt-users] FilesMatch and mod_rewrite [slightly
offtopic]
To: Peter Karman <[EMAIL PROTECTED]>
Cc: modauthtkt-users@lists.sourceforge.net
Message-ID: <[EMAIL PROTECTED]>
Content-Type: text/plain; charset=ISO-8859-1
Peter Karman wrote:
> do you have a [PT] (passthrough) flag on the relevant mod_rewrite lines?
No, just [P]
> Also, what version of Apache is the proxy?
2.0.59
--
Michael Peters
Plus Three, LP
------------------------------
Message: 5
Date: Wed, 05 Mar 2008 12:37:59 +0100
From: Jose Luis Martinez <[EMAIL PROTECTED]>
Subject: Re: [modauthtkt-users] FilesMatch and mod_rewrite [slightly
offtopic]
To: modauthtkt-users@lists.sourceforge.net
Message-ID: <[EMAIL PROTECTED]>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
You can take a look at:
http://www.pplusdomain.net/cgi-bin/blosxom.cgi//02/08#000011
To see how I made frontends authenticate and pass credentials to
backends. I would go for the mod_headers, mod_setenv setup if I could.
Please send back comments on how you have finally got the setup to work.
Jose Luis Martinez
[EMAIL PROTECTED]
------------------------------
Message: 6
Date: Thu, 6 Mar 2008 10:34:13 +1100
From: Gavin Carr <[EMAIL PROTECTED]>
Subject: [modauthtkt-users] Apache::AuthTkt 0.08 released
To: mod_auth_tkt-users <modauthtkt-users@lists.sourceforge.net>
Message-ID: <[EMAIL PROTECTED]>
Content-Type: text/plain; charset=us-ascii
Hi all,
Apache::AuthTkt 0.08 has just been uploaded to CPAN, incorporating
Jose and Ton's ticket validation patches.
Only non-trivial tweak I made was renaming the valid_ticket method to
validate_ticket, since I prefer verbs to adjectives ;-). But I also
added a valid_ticket method alias, so both should work out of the box.
Thanks go to Jose and Ton for the contribution. Feedback/problems to
the list please.
Cheers,
Gavin
------------------------------
Message: 7
Date: Wed, 05 Mar 2008 20:45:52 -0600
From: Peter Karman <[EMAIL PROTECTED]>
Subject: Re: [modauthtkt-users] Apache::AuthTkt 0.08 released
To: modauthtkt-users@lists.sourceforge.net
Message-ID: <[EMAIL PROTECTED]>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Gavin Carr wrote on 3/5/08 5:34 PM:
> Hi all,
>
> Apache::AuthTkt 0.08 has just been uploaded to CPAN, incorporating
> Jose and Ton's ticket validation patches.
>
> Only non-trivial tweak I made was renaming the valid_ticket method to
> validate_ticket, since I prefer verbs to adjectives ;-). But I also
> added a valid_ticket method alias, so both should work out of the box.
>
> Thanks go to Jose and Ton for the contribution. Feedback/problems to
> the list please.
>
Cool. Thanks, Gavin.
/me goes off to update the AuthTkt Catalyst plugin...
--
Peter Karman . http://peknet.com/ . [EMAIL PROTECTED]
------------------------------
Message: 8
Date: Thu, 06 Mar 2008 10:36:53 +0100
From: Jose Luis Martinez <[EMAIL PROTECTED]>
Subject: Re: [modauthtkt-users] Apache::AuthTkt 0.08 released
To: modauthtkt-users@lists.sourceforge.net
Message-ID: <[EMAIL PROTECTED]>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Gavin Carr wrote:
> Thanks go to Jose and Ton for the contribution. Feedback/problems to
> the list please.
Thanks to you for developing mod_auth_tkt ;)
Peter Karman wrote:
> /me goes off to update the AuthTkt Catalyst plugin...
Yay!
Jose Luis Martinez
[EMAIL PROTECTED]
------------------------------
Message: 9
Date: Mon, 10 Mar 2008 20:13:19 +1100
From: Gavin Carr <[EMAIL PROTECTED]>
Subject: [modauthtkt-users] mod_auth_tkt 2.0.0rc3 released
To: mod_auth_tkt-users <modauthtkt-users@lists.sourceforge.net>
Message-ID: <[EMAIL PROTECTED]>
Content-Type: text/plain; charset=us-ascii
Okay, so after _way_ too long, RC3 of mod_auth_tkt 2.0.0 is available
for your testing pleasure:
http://www.openfusion.com.au/labs/dist/mod_auth_tkt-2.0.0rc3.tar.gz
I've also built CentOS/RHEL RPMs for the platforms I support, which
are also available. CentOS/RHEL 4:
http://www.openfusion.com.au/mrepo/centos4-i386/RPMS.of/mod_auth_tkt-2.0.0rc3-1.el4.i386.rpm
http://www.openfusion.com.au/mrepo/centos4-i386/RPMS.of/mod_auth_tkt-cgi-2.0.0rc3-1.el4.i386.rpm
CentOS/RHEL5:
http://www.openfusion.com.au/mrepo/centos5-i386/RPMS.of/mod_auth_tkt-2.0.0rc3-1.of.el5.i386.rpm
http://www.openfusion.com.au/mrepo/centos5-i386/RPMS.of/mod_auth_tkt-cgi-2.0.0rc3-1.of.el5.i386.rpm
These have been tested on apache 2.0 and 2.2, and pass the test
suite without errors.
Comments/feedback to the list please.
The plan is to release a final 2.0.0 in 1-2 weeks, assuming there
aren't any major issues.
Cheers,
Gavin
------------------------------
Message: 10
Date: Tue, 1 Apr 2008 11:42:41 -0700 (PDT)
From: Brian Kuschak <[EMAIL PROTECTED]>
Subject: [modauthtkt-users] TKTAuthLoginURL using server ip addr?
To: modauthtkt-users@lists.sourceforge.net
Message-ID: <[EMAIL PROTECTED]>
Content-Type: text/plain; charset=iso-8859-1
I'm using mod_auth_tkt in an embedded application, and
it seems to be working well. However, the host
address is assigned by DHCP, and the IP is not
registered with a DNS server. The user accesses the
device directly by IP address.
Is there a way to configure this module so
TKTAuthLoginURL, etc. can be configured for relative
URLs (like ./cgi-bin-pub/login.cgi)? Or to let the
module fill in the IP address of the http server
rather than specifying it in the config file?
My workaround is to use a sed script to change the
URLs to the current IP address everytime it changes,
and restart httpd, but I'd prefer something cleaner.
I don't mind hacking the code to implement this. Maybe
someone can point my in the right direction?
Thanks,
Brian
____________________________________________________________________________________
You rock. That's why Blockbuster's offering you one month of Blockbuster Total
Access, No Cost.
http://tc.deals.yahoo.com/tc/blockbuster/text5.com
------------------------------
Message: 11
Date: Wed, 2 Apr 2008 11:16:09 +1100
From: Gavin Carr <[EMAIL PROTECTED]>
Subject: Re: [modauthtkt-users] TKTAuthLoginURL using server ip addr?
To: modauthtkt-users@lists.sourceforge.net
Message-ID: <[EMAIL PROTECTED]>
Content-Type: text/plain; charset=us-ascii
Hi Brian,
On Tue, Apr 01, 2008 at 11:42:41AM -0700, Brian Kuschak wrote:
> I'm using mod_auth_tkt in an embedded application, and
> it seems to be working well. However, the host
> address is assigned by DHCP, and the IP is not
> registered with a DNS server. The user accesses the
> device directly by IP address.
>
> Is there a way to configure this module so
> TKTAuthLoginURL, etc. can be configured for relative
> URLs (like ./cgi-bin-pub/login.cgi)? Or to let the
> module fill in the IP address of the http server
> rather than specifying it in the config file?
Right now there isn't, no.
According to the RFC, redirects should use absolute URLs. But
I believe that relative URLs actually do work a lot of the time.
Have you tried just putting a relative URL in there?
> My workaround is to use a sed script to change the
> URLs to the current IP address everytime it changes,
> and restart httpd, but I'd prefer something cleaner.
>
> I don't mind hacking the code to implement this. Maybe
> someone can point my in the right direction?
One approach would be to modify the redirect() code to check if the
location arg is relative, and turn it into an absolute if so using
the schema and hostinfo we've already derived there. That should be
relatively straightforward, I think, and would be better behaved per
the RFC.
Cheers,
Gavin
------------------------------
-------------------------------------------------------------------------
Check out the new SourceForge.net Marketplace.
It's the best place to buy or sell services for
just about anything Open Source.
http://ad.doubleclick.net/clk;164216239;13503038;w?http://sf.net/marketplace
------------------------------
_______________________________________________
modauthtkt-users mailing list
modauthtkt-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/modauthtkt-users
End of modauthtkt-users Digest, Vol 17, Issue 1
***********************************************
