fakebasicauth and authdbi issues.

Sat, 16 Oct 1999 02:03:42 -0700 

Hi,

  I'm tring to use a combination of fakebasicauth and Apache::AuthDBI.

  On a non-SSL enbled site I've tried this:

        <Location /index.html>
                AuthName Test
                AuthType Basic
                SetHandler perl-script
                PerlAuthenHandler       Apache::AuthDBI::authen
                PerlAuthzHandler        Apache::AuthDBI::authz
                PerlSetVar      Auth_DBI_data_source    dbi:mysql:site
                PerlSetVar      Auth_DBI_username       root
                PerlSetVar      Auth_DBI_password       blah
                PerlSetVar      Auth_DBI_pwd_table      users
                PerlSetVar      Auth_DBI_uid_field      username
                PerlSetVar      Auth_DBI_pwd_field      password
                PerlSetVar      Auth_DBI_grp_field      groupname
                require valid-user
                PerlSendHeader On
        </Location>

  and it works fine.  The db table only has username and password pairs.
The usernames match the subject name and password is the encrypted string of
'password'.  I'm asked to authenticate, I fill in that long subject name
/C=something/ST=somethingelse for usernamd and xxj31ZMTZzkVA for password,
and I see the page.  When I fill it in wrong, I'm denied and an entry is
written to log.

  On an SSL enabled site basic authentication to and htpasswd files works:

          SSLVerifyClient require
          SSLOptions +FakeBasicAuth +StrictRequire
          other SSL stuff
         <Location /blah.html>
               AuthType Basic
               AuthName Experiment
               AuthUserFile /usr/local/etc/apache/testpasswd
               require valid-user
         </Location>
and it works like it's supposed to.   I don't ever see the authentication
dialogue.  The passwd file likes something like this =>
/C=blah/ST=blah...:xxj31ZMTZzkVA.

  However, when I try using the AuthDBI facilities with the exactly same
config block up at the top, within the SSL-enabled site, I'm presented with
an authentication windows.  Furthermore, there is no error log entry, which
leads me to believe that no authentication has been attempted at all and the
browser is being challenged for the first time.

  Has anyone seen this?  Is there something going on here with FakeBasicAuth
more than merely setting a username and passwd and passing that back to
Apache?

tia.
r.
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      [EMAIL PROTECTED]
Automated List Manager                            [EMAIL PROTECTED]

Reply via email to