Re: problems setting up Apache::AuthCookieDBI (solved but no fullyunderstood)
Jacob Davies (author of Apache::AuthCookieDBI) confirmed the secret key file has to be set before the PerlModule directive, it is a bug in the documentation. Except it doesn't really, because it works fine for me. =) I compiled mod_perl static, I tend to avoid DSO if possible. -Fran
Re: problems setting up Apache::AuthCookieDBI (solved but no fully understood)
On Mon, 06 May 2002 10:04:28 -0400 Fran Fabrizio [EMAIL PROTECTED] wrote: : Jacob Davies (author of Apache::AuthCookieDBI) confirmed the secret key : file has to be set before the PerlModule directive, it is a bug in the : documentation. : : Except it doesn't really, because it works fine for me. =) : : I compiled mod_perl static, I tend to avoid DSO if possible. The Eagle book says (page 58): Apache processes the configuration directives on a first-come, first-serve basis, so in certain cases, the order in which directives appear is important. So Apache passes PerlModule and PerlSetVar to mod_perl as it finds it in its configuration file. If mod_perl loaded modules as they come by means of PerlModule that would explain why variables set with PerlSetVar after that directive are not seen by the very module at loading time. As that seems to be the behaviour in my static mod_perl and Jacob Davies said he had to change the documentation (and he knows more mod_perl than I for sure), I don't understand why the order does not matter in your machine. Do we have the same version of the module (v1.18)? -- fxn
Re: problems setting up Apache::AuthCookieDBI (solved but no fullyunderstood)
I for sure), I don't understand why the order does not matter in your machine. Do we have the same version of the module (v1.18)? -- fxn Ah, no, I've got 1.10. Here is the relevant part of my config file # AuthCookieDBI config PerlModule Apache::AuthCookieDBI PerlSetVar RMSPath / PerlSetVar RMSLoginScript /rms/login PerlSetVar RMSDBI_SecretKeyFile /usr/local/apache/RMSsecretkeyfile PerlSetVar etc.. So much for backwards compatibility. ;-) -Fran
Re: problems setting up Apache::AuthCookieDBI (solved but no fully understood)
Peter: Squid complains about http://mod_perl.home.att.net which it says contains an invalid character (_), so I can't access it. Rafael Caceres At 10:58 PM 5/3/2002 -0700, you wrote: Try my Apache::AccessCookie too. It provides the same ticketing interface for many different authenticating methods such as LDAP, IMAP, ftp, SMB, and (of course) DBI, plus a number of useful features. One can simply implement her own mechanism too. It can be downloaded at http://mod_perl.home.att.net. BTW, I tried to register the module in CPAN, but was kind of lost in the middle. Peter Bi - Original Message - From: Jim Helm [EMAIL PROTECTED] To: 'Fran Fabrizio' [EMAIL PROTECTED]; 'F.Xavier Noria' [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: Friday, May 03, 2002 10:08 PM Subject: RE: problems setting up Apache::AuthCookieDBI (solved but no fully understood) p.s. FWIW, I ended up using Apache::AuthTicket instead - has a feature I wanted (timeout, not just expiry), which CookieDBI didn't have), and it worked as documented with zero hassle... Jim -Original Message- From: Fran Fabrizio [mailto:[EMAIL PROTECTED]] Sent: Friday, May 03, 2002 6:38 AM To: F.Xavier Noria Cc: [EMAIL PROTECTED] Subject: Re: problems setting up Apache::AuthCookieDBI (solved but no fully understood) Does the server load the module that way? It's beyond my expertise at this point but my experience would indicate that it does not work this way since I have PerlModule before the PerlSetVar and it works fine. -Fran
RE: problems setting up Apache::AuthCookieDBI (solved but no fully understood)
Strictly speaking _ is (was?) an illegal character for DNS names. I used to go round-n-round with a fellow sysadmin about that fact, and that we shouldn't use _ in hostnames. Jim -Original Message- From: Rafael Caceres [mailto:[EMAIL PROTECTED]] Sent: Monday, May 06, 2002 10:23 AM To: Peter Bi Cc: [EMAIL PROTECTED] Subject: Re: problems setting up Apache::AuthCookieDBI (solved but no fully understood) Peter: Squid complains about http://mod_perl.home.att.net which it says contains an invalid character (_), so I can't access it. Rafael Caceres At 10:58 PM 5/3/2002 -0700, you wrote: Try my Apache::AccessCookie too. It provides the same ticketing interface for many different authenticating methods such as LDAP, IMAP, ftp, SMB, and (of course) DBI, plus a number of useful features. One can simply implement her own mechanism too. It can be downloaded at http://mod_perl.home.att.net. BTW, I tried to register the module in CPAN, but was kind of lost in the middle. Peter Bi - Original Message - From: Jim Helm [EMAIL PROTECTED] To: 'Fran Fabrizio' [EMAIL PROTECTED]; 'F.Xavier Noria' [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: Friday, May 03, 2002 10:08 PM Subject: RE: problems setting up Apache::AuthCookieDBI (solved but no fully understood) p.s. FWIW, I ended up using Apache::AuthTicket instead - has a feature I wanted (timeout, not just expiry), which CookieDBI didn't have), and it worked as documented with zero hassle... Jim -Original Message- From: Fran Fabrizio [mailto:[EMAIL PROTECTED]] Sent: Friday, May 03, 2002 6:38 AM To: F.Xavier Noria Cc: [EMAIL PROTECTED] Subject: Re: problems setting up Apache::AuthCookieDBI (solved but no fully understood) Does the server load the module that way? It's beyond my expertise at this point but my experience would indicate that it does not work this way since I have PerlModule before the PerlSetVar and it works fine. -Fran
Re: problems setting up Apache::AuthCookieDBI (solved but no fully understood)
On Fri, 3 May 2002 22:02:18 -0700 Jim Helm [EMAIL PROTECTED] wrote: : I was having the exact same problem 2 days ago... Could it be a : difference in static vs. dso? I'm running mod_perl as a dso - how about : you two? I compiled httpd. Jacob Davies (author of Apache::AuthCookieDBI) confirmed the secret key file has to be set before the PerlModule directive, it is a bug in the documentation. -- fxn
Re: problems setting up Apache::AuthCookieDBI
On Thu, 02 May 2002 15:22:59 -0400 Fran Fabrizio [EMAIL PROTECTED] wrote: : Do you have this in httpd.conf (or mod_perl.conf) : : PerlSetVar BuscaWAPDBI_SecretKeyFile /home/fxn/prj/bw/buscawap/etc/auth.key : : ? I have all mod_perl-related things in mod_perl.conf, and httpd.conf ends with this line: Include /home/fxn/prj/bw/buscawap/etc/mod_perl.conf Could that matter? -- fxn
Re: problems setting up Apache::AuthCookieDBI (solved but no fully understood)
On Thu, 2 May 2002 20:10:15 +0200 F. Xavier Noria [EMAIL PROTECTED] wrote: : I am having problems configuring Apache::AuthCookieDBI and am a bit : lost, since it seems there is something wrong with the secret key : file I cannot see, I attach below the configuration in case it can : help. I have checked the permissions of the file (the server runs : in by box as fxn): The problem, it seems, was that I was setting the variables used by the module _after_ loading it, as in the example of its manual page: PerlModule Apache::AuthCookieDBI PerlSetVar BuscaWAPPath / PerlSetVar BuscaWAPLoginScript /cgi/login.pl # These must be set PerlSetVar BuscaWAPDBI_DSN dbi:Oracle:BW_CATALOG PerlSetVar BuscaWAPDBI_SecretKeyFile /home/fxn/prj/bw/buscawap/etc/auth.key Apache::AuthCookieDBI reads its config variables in a BEGIN block. I inserted a trace there and keys %{ Apache-server-dir_config() }; returned no variable set via PerlSetVar after that PerlModule directive. So the hash %SECRET_KEYS, initialized there, had no entries. Moreover, when I tried to access a protected URL as localhost/docs I was redirected to /cgi/login.pl as configured (as you see, after PerlModule as well), which confused me. I suppose this is so because the module sees the variable at runtime, where the config file has been already fully read. Loading Apache::AuthCookieDBI after setting WhatEverDBI_SecretKeyFile has solved the problem. I am doing something wrong or the example in the manual page would need to be modified? -- fxn
Re: problems setting up Apache::AuthCookieDBI (solved but no fullyunderstood)
Loading Apache::AuthCookieDBI after setting WhatEverDBI_SecretKeyFile has solved the problem. I am doing something wrong or the example in the manual page would need to be modified? That's odd, I load my module first before setting the secret key (or any of the other variables) and it works fine for me. -Fran
Re: problems setting up Apache::AuthCookieDBI (solved but no fully understood)
On Fri, 03 May 2002 09:09:08 -0400 Fran Fabrizio [EMAIL PROTECTED] wrote: : : : Loading Apache::AuthCookieDBI after setting WhatEverDBI_SecretKeyFile : has solved the problem. I am doing something wrong or the example in the : manual page would need to be modified? : : That's odd, I load my module first before setting the secret key (or any : of the other variables) and it works fine for me. If the module was loaded when the server sees the PerlModule directive I think this code from Apache::AuthCookieDBI (version 1.18) implies that variable in particular needs to be set before: #=== # S E R V E R S T A R T I N I T I A L I Z A T I O N #=== BEGIN { my @keyfile_vars = grep { $_ =~ /DBI_SecretKeyFile$/ } keys %{ Apache-server-dir_config() }; foreach my $keyfile_var ( @keyfile_vars ) { my $keyfile = Apache-server-dir_config( $keyfile_var ); my $auth_name = $keyfile_var; $auth_name =~ s/DBI_SecretKeyFile$//; unless ( open( KEY, $keyfile ) ) { Apache::log_error( Could not open keyfile for $auth_name in file $keyfile ); } else { Apache::warn(Adding key for realm $auth_name); $SECRET_KEYS{ $auth_name } = KEY; close KEY; } } } Does the server load the module that way? -- fxn
Re: problems setting up Apache::AuthCookieDBI (solved but no fullyunderstood)
Does the server load the module that way? It's beyond my expertise at this point but my experience would indicate that it does not work this way since I have PerlModule before the PerlSetVar and it works fine. -Fran
RE: problems setting up Apache::AuthCookieDBI (solved but no fully understood)
I was having the exact same problem 2 days ago... Could it be a difference in static vs. dso? I'm running mod_perl as a dso - how about you two? I did basically the same troubleshooting (added some log_error statements to the BEGIN block) and noticed the same thing - SecretKey file wasn't getting read. For some reason the dir_config hash is empty (completely, not just of *DBI_* entries) when that BEGIN block is executed. I don't know enough about apache internals to understand why moving the PerlModule line to the end of the PerlSetVar *DBI_* directives makes a difference, but it does (for some at least). Jim -Original Message- From: Fran Fabrizio [mailto:[EMAIL PROTECTED]] Sent: Friday, May 03, 2002 6:38 AM To: F.Xavier Noria Cc: [EMAIL PROTECTED] Subject: Re: problems setting up Apache::AuthCookieDBI (solved but no fully understood) Does the server load the module that way? It's beyond my expertise at this point but my experience would indicate that it does not work this way since I have PerlModule before the PerlSetVar and it works fine. -Fran
RE: problems setting up Apache::AuthCookieDBI (solved but no fully understood)
p.s. FWIW, I ended up using Apache::AuthTicket instead - has a feature I wanted (timeout, not just expiry), which CookieDBI didn't have), and it worked as documented with zero hassle... Jim -Original Message- From: Fran Fabrizio [mailto:[EMAIL PROTECTED]] Sent: Friday, May 03, 2002 6:38 AM To: F.Xavier Noria Cc: [EMAIL PROTECTED] Subject: Re: problems setting up Apache::AuthCookieDBI (solved but no fully understood) Does the server load the module that way? It's beyond my expertise at this point but my experience would indicate that it does not work this way since I have PerlModule before the PerlSetVar and it works fine. -Fran
Re: problems setting up Apache::AuthCookieDBI (solved but no fully understood)
Try my Apache::AccessCookie too. It provides the same ticketing interface for many different authenticating methods such as LDAP, IMAP, ftp, SMB, and (of course) DBI, plus a number of useful features. One can simply implement her own mechanism too. It can be downloaded at http://mod_perl.home.att.net. BTW, I tried to register the module in CPAN, but was kind of lost in the middle. Peter Bi - Original Message - From: Jim Helm [EMAIL PROTECTED] To: 'Fran Fabrizio' [EMAIL PROTECTED]; 'F.Xavier Noria' [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: Friday, May 03, 2002 10:08 PM Subject: RE: problems setting up Apache::AuthCookieDBI (solved but no fully understood) p.s. FWIW, I ended up using Apache::AuthTicket instead - has a feature I wanted (timeout, not just expiry), which CookieDBI didn't have), and it worked as documented with zero hassle... Jim -Original Message- From: Fran Fabrizio [mailto:[EMAIL PROTECTED]] Sent: Friday, May 03, 2002 6:38 AM To: F.Xavier Noria Cc: [EMAIL PROTECTED] Subject: Re: problems setting up Apache::AuthCookieDBI (solved but no fully understood) Does the server load the module that way? It's beyond my expertise at this point but my experience would indicate that it does not work this way since I have PerlModule before the PerlSetVar and it works fine. -Fran
Re: problems setting up Apache::AuthCookieDBI
Do you have this in httpd.conf (or mod_perl.conf) PerlSetVar BuscaWAPDBI_SecretKeyFile /home/fxn/prj/bw/buscawap/etc/auth.key ? -Fran F.Xavier Noria wrote: I am having problems configuring Apache::AuthCookieDBI and am a bit lost, since it seems there is something wrong with the secret key file I cannot see, I attach below the configuration in case it can help. I have checked the permissions of the file (the server runs in by box as fxn): $ ls -la /home/fxn/prj/bw/buscawap/etc/auth.key -rw---1 fxn12 May 2 19:20 /home/fxn/prj/bw/buscawap/etc/auth.key If I request /docs these messages appear in error_log: [Thu May 2 20:07:19 2002] [error] access to /login failed for 127.0.0.1, reason: Apache::AuthCookieDBI: didn't have the secret key for auth realm Busc aWAP [Thu May 2 20:07:21 2002] [error] access to /docs failed for 127.0.0.1, reason: Apache::AuthCookieDBI: didn't the secret key from for auth realm Busca WAP Any hint on what could I be doing wrong? -- fxn PerlModule Apache::AuthCookieDBI PerlSetVar BuscaWAPPath / PerlSetVar BuscaWAPLoginScript /cgi/login.pl # These must be set PerlSetVar BuscaWAPDBI_DSN dbi:Oracle:BW_CATALOG PerlSetVar BuscaWAPDBI_SecretKeyFile /home/fxn/prj/bw/buscawap/etc/auth.key # These are optional, the module sets sensible defaults. PerlSetVar BuscaWAPDBI_Userwap PerlSetVar BuscaWAPDBI_PasswordX PerlSetVar BuscaWAPDBI_UsersTable view_active_users PerlSetVar BuscaWAPDBI_UserField login PerlSetVar BuscaWAPDBI_PasswordField password PerlSetVar BuscaWAPDBI_CryptType none PerlSetVar BuscaWAPDBI_GroupsTable view_active_users PerlSetVar BuscaWAPDBI_GroupField rol PerlSetVar BuscaWAPDBI_GroupUserField login PerlSetVar BuscaWAPDBI_EncryptionType none PerlSetVar BuscaWAPDBI_SessionLifetime 00-24-00-00 Location /login AuthTypeApache::AuthCookieDBI AuthNameBuscaWAP SetHandler perl-script PerlHandler Apache::AuthCookieDBI-login /Location Alias /cgi /home/fxn/prj/bw/buscawap/www/cgi/ PerlModule Apache::Registry Location /cgi SetHandler perl-script PerlHandler Apache::Registry Options +ExecCGI /Location Location /docs AuthType Apache::AuthCookieDBI AuthName BuscaWAP PerlAuthenHandler Apache::AuthCookieDBI-authenticate PerlAuthzHandler Apache::AuthCookieDBI-authorize require valid-user SetHandlerperl-script PerlHandler BuscaWAP::Apache::Docs /Location
problems setting up Apache::AuthCookieDBI
I am having problems configuring Apache::AuthCookieDBI and am a bit lost, since it seems there is something wrong with the secret key file I cannot see, I attach below the configuration in case it can help. I have checked the permissions of the file (the server runs in by box as fxn): $ ls -la /home/fxn/prj/bw/buscawap/etc/auth.key -rw---1 fxn12 May 2 19:20 /home/fxn/prj/bw/buscawap/etc/auth.key If I request /docs these messages appear in error_log: [Thu May 2 20:07:19 2002] [error] access to /login failed for 127.0.0.1, reason: Apache::AuthCookieDBI: didn't have the secret key for auth realm Busc aWAP [Thu May 2 20:07:21 2002] [error] access to /docs failed for 127.0.0.1, reason: Apache::AuthCookieDBI: didn't the secret key from for auth realm Busca WAP Any hint on what could I be doing wrong? -- fxn PerlModule Apache::AuthCookieDBI PerlSetVar BuscaWAPPath / PerlSetVar BuscaWAPLoginScript /cgi/login.pl # These must be set PerlSetVar BuscaWAPDBI_DSN dbi:Oracle:BW_CATALOG PerlSetVar BuscaWAPDBI_SecretKeyFile /home/fxn/prj/bw/buscawap/etc/auth.key # These are optional, the module sets sensible defaults. PerlSetVar BuscaWAPDBI_Userwap PerlSetVar BuscaWAPDBI_PasswordX PerlSetVar BuscaWAPDBI_UsersTable view_active_users PerlSetVar BuscaWAPDBI_UserField login PerlSetVar BuscaWAPDBI_PasswordField password PerlSetVar BuscaWAPDBI_CryptType none PerlSetVar BuscaWAPDBI_GroupsTable view_active_users PerlSetVar BuscaWAPDBI_GroupField rol PerlSetVar BuscaWAPDBI_GroupUserField login PerlSetVar BuscaWAPDBI_EncryptionType none PerlSetVar BuscaWAPDBI_SessionLifetime 00-24-00-00 Location /login AuthTypeApache::AuthCookieDBI AuthNameBuscaWAP SetHandler perl-script PerlHandler Apache::AuthCookieDBI-login /Location Alias /cgi /home/fxn/prj/bw/buscawap/www/cgi/ PerlModule Apache::Registry Location /cgi SetHandler perl-script PerlHandler Apache::Registry Options +ExecCGI /Location Location /docs AuthType Apache::AuthCookieDBI AuthName BuscaWAP PerlAuthenHandler Apache::AuthCookieDBI-authenticate PerlAuthzHandler Apache::AuthCookieDBI-authorize require valid-user SetHandlerperl-script PerlHandler BuscaWAP::Apache::Docs /Location
Re: problems setting up Apache::AuthCookieDBI
On Thu, 02 May 2002 20:24:10 +0200 Per Einar Ellefsen [EMAIL PROTECTED] wrote: : At 20:10 02.05.2002, F.Xavier Noria wrote: : PerlModule Apache::AuthCookieDBI : : PerlSetVar BuscaWAPPath / : PerlSetVar BuscaWAPLoginScript /cgi/login.pl : : # These must be set : PerlSetVar BuscaWAPDBI_DSN dbi:Oracle:BW_CATALOG : PerlSetVar BuscaWAPDBI_SecretKeyFile /home/fxn/prj/bw/buscawap/etc/auth.key : : Have you tried inserting these into the respective Location sections? I'm : not sure, but I think PerlSetVars aren't merged into location-specific : configuration, so they might not actually be caught by Apache::AuthCookieDBI I guess this is not the problem since /cgi/login.pl gets run by the module and is configured the same way. Thank you anyway! -- fxn
Re: problems setting up Apache::AuthCookieDBI
I'm not sure, but I think PerlSetVars aren't merged into location-specific configuration, so they might not actually be caught by Apache::AuthCookieDBI they should merge just fine. I do stuff like PerlSetVar DBASE dbi:Oracle:HELM all the time and grab it in Location specific handlers --Geoff
Re: problems setting up Apache::AuthCookieDBI
At 20:10 02.05.2002, F.Xavier Noria wrote: PerlModule Apache::AuthCookieDBI PerlSetVar BuscaWAPPath / PerlSetVar BuscaWAPLoginScript /cgi/login.pl # These must be set PerlSetVar BuscaWAPDBI_DSN dbi:Oracle:BW_CATALOG PerlSetVar BuscaWAPDBI_SecretKeyFile /home/fxn/prj/bw/buscawap/etc/auth.key Have you tried inserting these into the respective Location sections? I'm not sure, but I think PerlSetVars aren't merged into location-specific configuration, so they might not actually be caught by Apache::AuthCookieDBI -- Per Einar Ellefsen [EMAIL PROTECTED]