Hi.
Just some tips, to simplify the issue, below in the text :
On 14.05.2020 06:09, Scott Alexander wrote:
Hi,
Thanks for your answer, but for me this is confusing.
I have
Apache2_4::AuthCookie is up to date. (3.30)
Apache2::AuthCookie is up to date. (3.30) <--- you do not need this with
Apache 2.4
Server version: Apache/2.4.6 (CentOS)
Server built: Apr 2 2020 13:13:23
at the end of /etc/httpd/conf.d/ssl.conf there is include
/systems/achilles/config/mine_auth_cookie_mod_perl_server_apache2.conf
my @inc has /systems/achilles/lib
and I have /systems/achilles/lib/Apache2/AuthCookieHandler.pm
and /systems/achilles/lib/Apache2_4/AuthCookieHandler.pm
in both AuthCookieHandler.pm I've renamed the package line to eg
package Apache2_4::AuthCookieHandler;
In the directory I want to protect should I have
Not with Apache 2.4 :
AuthType Apache2::AuthCookieHandler
AuthName WhatEver
PerlAuthenHandler Apache2::AuthCookieHandler->authenticate
Require valid-user
or
this is what you need with Apache 2.4 :
AuthType Apache2_4::AuthCookieHandler
AuthName WhatEver
PerlAuthenHandler Apache2_4::AuthCookieHandler->authenticate
Require valid-user
And then what subs/methods I need to add into which AuthCookieHandler.pm ?
in startup.pl should I have both or just one?
use Apache2::AuthCookie ; <-- you do not need this
use Apache2_4::AuthCookie ; <-- this is correct for Apache 2.4
I am not porting from 2.2. I have used Shibboleth until now to protect directories but
this project I can not use Shibboleth.
And how exactly do you want the user to authenticate ? via a login page where they enter
their id and password ?
And what is the way in which you are going to check that these id and password
are correct ?
(in other words : where are the user ids and passwords stored ?)
And how many different users are you planning to have ?
Terveisin/Regards
**
*Scott Alexander*
scott.alexan...@humak.fi <mailto:scott.alexan...@humak.fi>
------------------------------------------------------------------------------------------
*From:* Edward J. Sabol <edwardjsa...@gmail.com>
*Sent:* 12 May 2020 00:58
*To:* Scott Alexander <scott.alexan...@humak.fi>
*Cc:* mod_perl list <modperl@perl.apache.org>
*Subject:* Re: Apache2:AuthCookie With httpd 2.4
On May 11, 2020, at 8:58 AM, Scott Alexander <scott.alexan...@humak.fi> wrote:
I've included using https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fmanpages.debian.org%2Funstable%2Flibapache2-authcookie-perl%2FApache2_4%3A%3AAuthCookie.3pm.en.html&data=02%7C01%7C%7Cfdafa4a140a44a1c47ed08d7f5f66767%7Ca30a558eb6084b2c8f39a7fa426fa49d%7C0%7C0%7C637248310956933568&sdata=XwSR%2FO7jCwZrZLuYRSWWhp%2Fwz7tCtWkCzjs0fTRTIDk%3D&reserved=0
as an example
# In httpd.conf or .htaccess:
PerlModule Sample::Apache2::AuthCookieHandler
PerlSetVar WhatEverPath / .....
to my ssl.conf file
No changes made to httpd.conf or ssl.conf.
Those two statements seem to be conflicting? I keep my authentication/authorization
information in httpd.conf, personally.
When trying to access the page I get the errors above.
That sample configuration from the POD assumes that you are subclassing
Apache2::AuthCookie and that the name of your subclass is
Sample::Apache2::AuthCookieHandler. It's meant to be illustrative. I'm guessing you don't
actually have such a subclass. Try just removing the "Sample::" part. You can probably
also find working examples in the tests in the "t" subdirectory.
I've read this
https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fmetacpan.org%2Fpod%2Fdistribution%2FApache-AuthCookie%2FREADME.apache-2.4.pod&data=02%7C01%7C%7Cfdafa4a140a44a1c47ed08d7f5f66767%7Ca30a558eb6084b2c8f39a7fa426fa49d%7C0%7C0%7C637248310956933568&sdata=SyqV%2FQzJyud4W6ENIgEY9nk%2F9uBzBGf7p6gmShAqivc%3D&reserved=0
which unfortunately doesn't make sense to me.
That POD is meant for people developing (or porting from Apache 2.2.x) their own Perl
modules for doing authentication and authorization under Apache 2.4.x. AuthCookie already
handles all of this for you, assuming you only need or use AuthCookie. It might apply if
you are subclassing from AuthCookie and you get into the gritty details, such as
implementing your own AuthzProvider. Check out Apache2_4::AuthCookieDBI for an example of
that.
https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fmetacpan.org%2Fpod%2FApache2_4%3A%3AAuthCookieDBI&data=02%7C01%7C%7Cfdafa4a140a44a1c47ed08d7f5f66767%7Ca30a558eb6084b2c8f39a7fa426fa49d%7C0%7C0%7C637248310956933568&sdata=ew5g7VpZFmfs%2FHN9NAdA9YqHtLY11o36UBl9ljp0zN0%3D&reserved=0
Regards,
Ed
