RE: problems setting up Apache::AuthCookieDBI (solved but no fully understood)
Strictly speaking "_" is (was?) an illegal character for DNS names. I used to go round-n-round with a fellow sysadmin about that fact, and that we shouldn't use "_" in hostnames. Jim > -Original Message- > From: Rafael Caceres [mailto:[EMAIL PROTECTED]] > Sent: Monday, May 06, 2002 10:23 AM > To: Peter Bi > Cc: [EMAIL PROTECTED] > Subject: Re: problems setting up Apache::AuthCookieDBI > (solved but no fully understood) > > > Peter: > > Squid complains about http://mod_perl.home.att.net which it > says contains > an invalid character ("_"), so I can't access it. > > Rafael Caceres > > At 10:58 PM 5/3/2002 -0700, you wrote: > >Try my Apache::AccessCookie too. It provides the same ticketing > >interface for many different authenticating methods such as > LDAP, IMAP, > >ftp, SMB, and (of course) DBI, plus a number of useful features. One > >can simply implement her own mechanism too. It can be downloaded at > >http://mod_perl.home.att.net. > > > >BTW, I tried to register the module in CPAN, but was kind of lost in > >the middle. > > > > > >Peter Bi > > > >- Original Message - > >From: "Jim Helm" <[EMAIL PROTECTED]> > >To: "'Fran Fabrizio'" <[EMAIL PROTECTED]>; "'F.Xavier Noria'" > ><[EMAIL PROTECTED]> > >Cc: <[EMAIL PROTECTED]> > >Sent: Friday, May 03, 2002 10:08 PM > >Subject: RE: problems setting up Apache::AuthCookieDBI > (solved but no > >fully > >understood) > > > > > > > p.s. FWIW, I ended up using Apache::AuthTicket instead - has a > > > feature I wanted (timeout, not just expiry), which > CookieDBI didn't > > > have), and it worked as documented with zero hassle... > > > > > > Jim > > > > > > > > -Original Message- > > > > > From: Fran Fabrizio [mailto:[EMAIL PROTECTED]] > > > > > Sent: Friday, May 03, 2002 6:38 AM > > > > > To: F.Xavier Noria > > > > > Cc: [EMAIL PROTECTED] > > > > > Subject: Re: problems setting up > Apache::AuthCookieDBI (solved > > > > > but no fully understood) > > > > > > > > > > > > > > > > > > > > > > > > > > > >Does the server load the module that way? > > > > > > > > > > > > > > > > > It's beyond my expertise at this point but my > experience would > > > > > indicate that it does not work this way since I have > PerlModule > > > > > before the PerlSetVar and it works fine. > > > > > > > > > > -Fran > > > > > > > > > > > > > > > > > > > > > > > > > >
Re: problems setting up Apache::AuthCookieDBI (solved but no fully understood)
Peter: Squid complains about http://mod_perl.home.att.net which it says contains an invalid character ("_"), so I can't access it. Rafael Caceres At 10:58 PM 5/3/2002 -0700, you wrote: >Try my Apache::AccessCookie too. It provides the same ticketing interface >for many different authenticating methods such as LDAP, IMAP, ftp, SMB, and >(of course) DBI, plus a number of useful features. One can simply implement >her own mechanism too. It can be downloaded at http://mod_perl.home.att.net. > >BTW, I tried to register the module in CPAN, but was kind of lost in the >middle. > > >Peter Bi > >- Original Message - >From: "Jim Helm" <[EMAIL PROTECTED]> >To: "'Fran Fabrizio'" <[EMAIL PROTECTED]>; "'F.Xavier Noria'" ><[EMAIL PROTECTED]> >Cc: <[EMAIL PROTECTED]> >Sent: Friday, May 03, 2002 10:08 PM >Subject: RE: problems setting up Apache::AuthCookieDBI (solved but no fully >understood) > > > > p.s. FWIW, I ended up using Apache::AuthTicket instead - has a feature I > > wanted (timeout, not just expiry), which CookieDBI didn't have), and it > > worked as documented with zero hassle... > > > > Jim > > > > > > -Original Message----- > > > > From: Fran Fabrizio [mailto:[EMAIL PROTECTED]] > > > > Sent: Friday, May 03, 2002 6:38 AM > > > > To: F.Xavier Noria > > > > Cc: [EMAIL PROTECTED] > > > > Subject: Re: problems setting up Apache::AuthCookieDBI > > > > (solved but no fully understood) > > > > > > > > > > > > > > > > > > > > > > >Does the server load the module that way? > > > > > > > > > > > > > > It's beyond my expertise at this point but my experience > > > > would indicate > > > > that it does not work this way since I have PerlModule before the > > > > PerlSetVar and it works fine. > > > > > > > > -Fran > > > > > > > > > > > > > > > > > > >
Re: problems setting up Apache::AuthCookieDBI (solved but no fully understood)
On Mon, 06 May 2002 10:04:28 -0400 Fran Fabrizio <[EMAIL PROTECTED]> wrote: : >Jacob Davies (author of Apache::AuthCookieDBI) confirmed the secret key : >file has to be set before the PerlModule directive, it is a bug in the : >documentation. : > : Except it doesn't really, because it works fine for me. =) : : I compiled mod_perl static, I tend to avoid DSO if possible. The Eagle book says (page 58): Apache processes the configuration directives on a first-come, first-serve basis, so in certain cases, the order in which directives appear is important. So Apache passes PerlModule and PerlSetVar to mod_perl as it finds it in its configuration file. If mod_perl loaded modules as they come by means of PerlModule that would explain why variables set with PerlSetVar after that directive are not seen by the very module at loading time. As that seems to be the behaviour in my static mod_perl and Jacob Davies said he had to change the documentation (and he knows more mod_perl than I for sure), I don't understand why the order does not matter in your machine. Do we have the same version of the module (v1.18)? -- fxn
Re: problems setting up Apache::AuthCookieDBI (solved but no fully understood)
On Fri, 3 May 2002 22:02:18 -0700 "Jim Helm" <[EMAIL PROTECTED]> wrote: : I was having the exact same problem 2 days ago... Could it be a : difference in static vs. dso? I'm running mod_perl as a dso - how about : you two? I compiled httpd. Jacob Davies (author of Apache::AuthCookieDBI) confirmed the secret key file has to be set before the PerlModule directive, it is a bug in the documentation. -- fxn
Re: problems setting up Apache::AuthCookieDBI (solved but no fully understood)
Try my Apache::AccessCookie too. It provides the same ticketing interface for many different authenticating methods such as LDAP, IMAP, ftp, SMB, and (of course) DBI, plus a number of useful features. One can simply implement her own mechanism too. It can be downloaded at http://mod_perl.home.att.net. BTW, I tried to register the module in CPAN, but was kind of lost in the middle. Peter Bi - Original Message - From: "Jim Helm" <[EMAIL PROTECTED]> To: "'Fran Fabrizio'" <[EMAIL PROTECTED]>; "'F.Xavier Noria'" <[EMAIL PROTECTED]> Cc: <[EMAIL PROTECTED]> Sent: Friday, May 03, 2002 10:08 PM Subject: RE: problems setting up Apache::AuthCookieDBI (solved but no fully understood) > p.s. FWIW, I ended up using Apache::AuthTicket instead - has a feature I > wanted (timeout, not just expiry), which CookieDBI didn't have), and it > worked as documented with zero hassle... > > Jim > > > > -Original Message- > > > From: Fran Fabrizio [mailto:[EMAIL PROTECTED]] > > > Sent: Friday, May 03, 2002 6:38 AM > > > To: F.Xavier Noria > > > Cc: [EMAIL PROTECTED] > > > Subject: Re: problems setting up Apache::AuthCookieDBI > > > (solved but no fully understood) > > > > > > > > > > > > > > > > > >Does the server load the module that way? > > > > > > > > > > > It's beyond my expertise at this point but my experience > > > would indicate > > > that it does not work this way since I have PerlModule before the > > > PerlSetVar and it works fine. > > > > > > -Fran > > > > > > > > > > > > >
RE: problems setting up Apache::AuthCookieDBI (solved but no fully understood)
p.s. FWIW, I ended up using Apache::AuthTicket instead - has a feature I wanted (timeout, not just expiry), which CookieDBI didn't have), and it worked as documented with zero hassle... Jim > > -Original Message- > > From: Fran Fabrizio [mailto:[EMAIL PROTECTED]] > > Sent: Friday, May 03, 2002 6:38 AM > > To: F.Xavier Noria > > Cc: [EMAIL PROTECTED] > > Subject: Re: problems setting up Apache::AuthCookieDBI > > (solved but no fully understood) > > > > > > > > > > > > >Does the server load the module that way? > > > > > > > > It's beyond my expertise at this point but my experience > > would indicate > > that it does not work this way since I have PerlModule before the > > PerlSetVar and it works fine. > > > > -Fran > > > > > > >
RE: problems setting up Apache::AuthCookieDBI (solved but no fully understood)
I was having the exact same problem 2 days ago... Could it be a difference in static vs. dso? I'm running mod_perl as a dso - how about you two? I did basically the same troubleshooting (added some log_error statements to the BEGIN block) and noticed the same thing - SecretKey file wasn't getting read. For some reason the dir_config hash is empty (completely, not just of *DBI_* entries) when that BEGIN block is executed. I don't know enough about apache internals to understand why moving the PerlModule line to the end of the PerlSetVar *DBI_* directives makes a difference, but it does (for some at least). Jim > -Original Message- > From: Fran Fabrizio [mailto:[EMAIL PROTECTED]] > Sent: Friday, May 03, 2002 6:38 AM > To: F.Xavier Noria > Cc: [EMAIL PROTECTED] > Subject: Re: problems setting up Apache::AuthCookieDBI > (solved but no fully understood) > > > > > > > >Does the server load the module that way? > > > > > It's beyond my expertise at this point but my experience > would indicate > that it does not work this way since I have PerlModule before the > PerlSetVar and it works fine. > > -Fran > > >
Re: problems setting up Apache::AuthCookieDBI (solved but no fully understood)
On Fri, 03 May 2002 09:09:08 -0400 Fran Fabrizio <[EMAIL PROTECTED]> wrote: : > : > : >Loading Apache::AuthCookieDBI after setting WhatEverDBI_SecretKeyFile : >has solved the problem. I am doing something wrong or the example in the : >manual page would need to be modified? : > : That's odd, I load my module first before setting the secret key (or any : of the other variables) and it works fine for me. If the module was loaded when the server sees the "PerlModule" directive I think this code from Apache::AuthCookieDBI (version 1.18) implies that variable in particular needs to be set before: #=== # S E R V E R S T A R T I N I T I A L I Z A T I O N #=== BEGIN { my @keyfile_vars = grep { $_ =~ /DBI_SecretKeyFile$/ } keys %{ Apache->server->dir_config() }; foreach my $keyfile_var ( @keyfile_vars ) { my $keyfile = Apache->server->dir_config( $keyfile_var ); my $auth_name = $keyfile_var; $auth_name =~ s/DBI_SecretKeyFile$//; unless ( open( KEY, "<$keyfile" ) ) { Apache::log_error( "Could not open keyfile for $auth_name in file $keyfile" ); } else { Apache::warn("Adding key for realm $auth_name"); $SECRET_KEYS{ $auth_name } = ; close KEY; } } } Does the server load the module that way? -- fxn
Re: problems setting up Apache::AuthCookieDBI (solved but no fully understood)
On Thu, 2 May 2002 20:10:15 +0200 F. Xavier Noria <[EMAIL PROTECTED]> wrote: : I am having problems configuring Apache::AuthCookieDBI and am a bit : lost, since it seems there is something wrong with the secret key : file I cannot see, I attach below the configuration in case it can : help. I have checked the permissions of the file (the server runs : in by box as "fxn"): The problem, it seems, was that I was setting the variables used by the module _after_ loading it, as in the example of its manual page: PerlModule Apache::AuthCookieDBI PerlSetVar BuscaWAPPath / PerlSetVar BuscaWAPLoginScript "/cgi/login.pl" # These must be set PerlSetVar BuscaWAPDBI_DSN "dbi:Oracle:BW_CATALOG" PerlSetVar BuscaWAPDBI_SecretKeyFile "/home/fxn/prj/bw/buscawap/etc/auth.key" Apache::AuthCookieDBI reads its config variables in a BEGIN block. I inserted a trace there and keys %{ Apache->server->dir_config() }; returned no variable set via PerlSetVar after that PerlModule directive. So the hash %SECRET_KEYS, initialized there, had no entries. Moreover, when I tried to access a protected URL as localhost/docs I was redirected to /cgi/login.pl as configured (as you see, after PerlModule as well), which confused me. I suppose this is so because the module sees the variable at runtime, where the config file has been already fully read. Loading Apache::AuthCookieDBI after setting WhatEverDBI_SecretKeyFile has solved the problem. I am doing something wrong or the example in the manual page would need to be modified? -- fxn