-------- Original Message --------
Subject: Re: Apache::AuthzNIS ... problem?
Date: Fri, 06 Feb 2004 10:13:30 -0700
From: Ed Santiago <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
CC: [EMAIL PROTECTED], "ShannonEricPeevey" <[EMAIL PROTECTED]>
References: <[EMAIL PROTECTED]>

From a quick look at the source to AuthzNIS.pm, it looks like the module cannot handle 'group XXX' if XXX is your default group (i.e. the one in your passwd entry). It only seems to handle logins explicitly mentioned in the 'group' YP map.

One solution might be to add code like this to AuthzNIS.pm:

... my $name = MP2 ? $r->user : $r->connection->user; + FIXME: to be consistent, maybe use yp_match() instead of getpwnam? + my @pwent = getpwnam($name) + or (FIXME: log error, then return failure? continue?) + my $default_gid = $pwent[3]; .....
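
Review bot: The getpwnam($name) failure branch, still a FIXME here, has to return the failure status rather than continue. If the lookup fails and execution goes on, $default_gid is undefined, and the later numeric test `$gid == $default_gid` treats it as 0, so a group entry with gid 0 would be allowed for a user who has no passwd entry. The line starting `FIXME: to be consistent` also lacks a leading `#` and would not compile as written. On the yp_match() question raised in that FIXME: getpwnam() answers from whatever name service the web server host is configured to use, which is not necessarily the same source as the 'group' YP map this module reads, so taking both values from NIS keeps the decision on one data source.
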
- my @names = split /\,/, $entry;
- $names[0] =~ s/^.*:.*:.*://;
+ my (undef, undef, $gid, $names) = split ':', $entry, 4;
+ # Is this the remote user's default group, per passwd? Allow.
+ if ($gid == $default_gid) {
+ return MP2 ? Apache::OK : Apache::Constants::OK;
+ }
+ # Not user's default group. See if s/he is enumerated in group entry.
+ my @names = split /\,/, $names;
foreach my $oneuser (@names) {
....
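
Review bot: The early return of OK on `$gid == $default_gid` compares two values that have not been checked as numeric. If the entry has fewer than four colon-separated fields, $gid and $names come back undefined from the split; an undefined or non-numeric gid numifies to 0 and would match a default gid of 0, and the following `split /\,/, $names` then runs on undef. Suggest testing `defined $gid && $gid =~ /^\d+$/` before the comparison and skipping the entry otherwise. Replacing the `s/^.*:.*:.*://` rewrite of $names[0] with the four-field split is the right direction.
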

On Fri, 6 Feb 2004 17:42:21 +0100, [EMAIL PROTECTED] wrote:
>OK, I accept your point(er!).
>
>I _assumed_ these were ANDed. However, when I use the following lines:
>
><Directory "/pkg/vdc52/ddts/www/">
>
> AuthName "NIS Authentification"
> AuthType Basic
> PerlAuthenHandler Apache::AuthenNIS
> #require valid-user
> PerlAuthenHandler Apache::AuthzNIS
> require group user52
>
></Directory>
>
> ... with user: ryanp52,
>
>[deuxvi54:/pkg/vdc52/home/ryanp52][ryanp52]$ id
>uid=40646(ryanp52) gid=52300(user52)
>[deuxvi54:/pkg/vdc52/home/ryanp52][ryanp52]$
>
>it still fails. The login authentication box continuously prompts me for a password despite me having supplied a valid passwd. The directive: "require valid-user" works for this user and indeed others I have tested.
>
>Log entries of interest are:
>
>[Fri Feb 6 17:38:29 2004] [error] access to /ddts/ddts_main failed for 10.120.50.38, reason: Apache::AuthzNIS - user ryanp52: not authorized
>
>Hope this helps!
>
>Phil
>
>Ed Santiago <[EMAIL PROTECTED]> wrote on 06.02.04 17:33:27:
>
> >Pointers? Have tried various combinations and all fail ...
>
>Well, one pointer is: can you give a _wee_ bit more detail than "all fail"?
>As you no doubt know from your users, saying "it doesn't work" doesn't
>make for an easy time tracking down a problem...
>
>Helpful details would include the symptoms seen on the browser,
>and probably the relevant entries from logs/error_log.
>
> > require valid-user
> > require group user52
>
>You don't want the first line. The require conditions are OR'ed, not ANDed.
>
>^E
>
--
Reporting bugs: http://perl.apache.org/bugs/
Mail list info: http://perl.apache.org/maillist/modperl.html
List etiquette: http://perl.apache.org/maillist/email-etiquette.html
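
The behaviour described at the top of this message (a user whose only link to a group is the gid in the passwd entry), as an added stand-alone example that is not part of the original mail or of Apache::AuthzNIS. The `%passwd` and `%group` hashes and `in_group()` are hypothetical stand-ins for the YP map lookups; the entries are constructed, with only the login, uid and gid taken from the `id` output quoted above.

```perl
#!/usr/bin/perl
# Added example, not Apache::AuthzNIS code: evaluate "require group G"
# from passwd/group map entries, counting the primary gid as membership
# and denying on any failed or malformed lookup.
use strict;
use warnings;

# Constructed entries standing in for the passwd and group YP maps.
my %passwd = (
    ryanp52 => 'ryanp52:x:40646:52300::/pkg/vdc52/home/ryanp52:/bin/sh',
    alice   => 'alice:x:40001:100::/home/alice:/bin/sh',
);
my %group = (
    user52 => 'user52:*:52300:',       # nobody enumerated in the entry
    ddts   => 'ddts:*:600:alice,bob',
    broken => 'broken:*',              # malformed: no gid field
);

# Returns 1 if $user satisfies "require group $want", 0 otherwise.
sub in_group {
    my ($user, $want) = @_;

    my $pw = $passwd{$user} or return 0;              # unknown user: deny
    my $primary = (split /:/, $pw)[3];
    return 0 unless defined $primary && $primary =~ /^\d+$/;

    my $entry = $group{$want} or return 0;            # unknown group: deny
    my (undef, undef, $gid, $members) = split /:/, $entry, 4;
    return 0 unless defined $gid && $gid =~ /^\d+$/;  # malformed: deny

    # The default group from the passwd entry counts as membership.
    return 1 if $gid == $primary;

    # Otherwise the login must be enumerated in the group entry.
    $members = '' unless defined $members;
    return scalar(grep { $_ eq $user } split /,/, $members) ? 1 : 0;
}

for my $case (['ryanp52', 'user52'], ['alice', 'ddts'], ['ryanp52', 'ddts'],
              ['ryanp52', 'broken'], ['nobody', 'user52']) {
    my ($u, $g) = @$case;
    printf "%-8s require group %-7s => %s\n", $u, $g,
        in_group($u, $g) ? 'allow' : 'deny';
}
```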