Bug#405773: Mysql auth how then?
Peter Scott wrote: Can somebody please, please tell me HOW YOU DO auth with etch apache 2.2 mysql? Hi Peter, there was libapache2-mod-auth-mysql in sid which you can rebuild on etch. Since it has been removed from unstable you'll have to fetch the source code from http://snapshot.debian.net/libapache-mod-auth-mysql. I'm currently pondering if it would make sense to bring that package back into shape and into sid - at least until mod_dbd can support mysql. Regards, Joey -- Long noun chains don't automatically imply security. -- Bruce Schneier Please always Cc to me when replying to me on the lists. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#405773: Mysql auth how then?
Joey Schulze wrote: Peter Scott wrote: Can somebody please, please tell me HOW YOU DO auth with etch apache 2.2 mysql? Hi Peter, there was libapache2-mod-auth-mysql in sid which you can rebuild on etch. Since it has been removed from unstable you'll have to fetch the source code from http://snapshot.debian.net/libapache-mod-auth-mysql. I've just seen that you've tried mod-auth-mysql 3.0. Beware, that's a totally different approach. The one mentioned above has been included in Debian once and works on Debian. I use it on etch. Regards, Joey -- Long noun chains don't automatically imply security. -- Bruce Schneier Please always Cc to me when replying to me on the lists. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#405773: Mysql auth how then?
Thanks for your input. For my part i solved my problem, as you usually do asking various folk and trying this and that. In short the documentation: http://dev.e-taxonomy.eu/trac/wiki/ApacheMySQLAuthentication is incorrect re pam-mysql, as it transpires, among other things. I have contacted the author, to little avail. Half way down where it says: auth sufficient pam_mysql.so verbose=1 user=webuser passwd= host=160.45.63.30 db=drupal5 table=drupal5._shared_users usercolumn=drupal5._shared_users.name passwdcolumn=drupal5._shared_users.pass crypt=3 you need to also put: account sufficient pam_mysql.so verbose=1 user=webuser passwd= host=160.45.63.30 db=drupal5 table=drupal5._shared_users usercolumn=drupal5._shared_users.name passwdcolumn=drupal5._shared_users.pass crypt=3 Thats it, and it'll keep me happy, and by extention others I guess if it were better documented, until http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=405773 is resolved. How long before mod_authn_dbd does mysql ? Regards Peter Scott Joey Schulze wrote: Joey Schulze wrote: Peter Scott wrote: Can somebody please, please tell me HOW YOU DO auth with etch apache 2.2 mysql? Hi Peter, there was libapache2-mod-auth-mysql in sid which you can rebuild on etch. Since it has been removed from unstable you'll have to fetch the source code from http://snapshot.debian.net/libapache-mod-auth-mysql. I've just seen that you've tried mod-auth-mysql 3.0. Beware, that's a totally different approach. The one mentioned above has been included in Debian once and works on Debian. I use it on etch. Regards, Joey -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#405773: Mysql auth how then?
Peter Scott wrote: Thats it, and it'll keep me happy, and by extention others I guess if it were better documented, until http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=405773 is resolved. How long before mod_authn_dbd does mysql ? I don't know and it's outside my reach. The bug report suggests technical problems. At least on the etch Apache 2.2 such a problem does not exist for mod_auth_mysql. Regards, Joey -- Long noun chains don't automatically imply security. -- Bruce Schneier Please always Cc to me when replying to me on the lists. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#405773: Mysql auth how then?
I don't know and it's outside my reach. The bug report suggests technical problems. At least on the etch Apache 2.2 such a problem does not exist for mod_auth_mysql. OK, sounds like it could be a while, if it wont be in lenney. there was libapache2-mod-auth-mysql in sid which you can rebuild on etch. Since it has been removed from unstable you'll have to fetch the source code from http://snapshot.debian.net/libapache-mod-auth-mysql. Ill give it a go for the greater good you understand, if you are willing to give insert tab a into slot b instructions for those of us just used to debs. Why http://snapshot.debian.net/libapache-mod-auth-mysql not libapache2-mod-auth-mysql? P. Joey Schulze wrote: Peter Scott wrote: Thats it, and it'll keep me happy, and by extention others I guess if it were better documented, until http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=405773 is resolved. How long before mod_authn_dbd does mysql ? Regards, Joey -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#405773: Mysql auth how then?
Hi Peter! Peter Scott wrote: I don't know and it's outside my reach. The bug report suggests technical problems. At least on the etch Apache 2.2 such a problem does not exist for mod_auth_mysql. OK, sounds like it could be a while, if it wont be in lenney. there was libapache2-mod-auth-mysql in sid which you can rebuild on etch. Since it has been removed from unstable you'll have to fetch the source code from http://snapshot.debian.net/libapache-mod-auth-mysql. Ill give it a go for the greater good you understand, if you are willing to give insert tab a into slot b instructions for those of us just used to debs. Which architecture do you use? I have amd64 packages in use that I could make public. Why http://snapshot.debian.net/libapache-mod-auth-mysql not libapache2-mod-auth-mysql? libapache-mod-auth-mysql is the old source package. libapache2-mod-auth-mysql is the binary package. I don't know if the binary package from unstable works fine on stable, thus I proposed to rebuild it from source. I'm currently working on that package to get it back into unstable and hopefully testing as well. You may also try the new package if you like. http://luonnotar.infodrom.org/~joey/mod_auth_mysql/ (Comments welcome) Regards, Joey -- Long noun chains don't automatically imply security. -- Bruce Schneier Please always Cc to me when replying to me on the lists. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#405773: Mysql auth how then?
I don't know and it's outside my reach. The bug report suggests technical problems. At least on the etch Apache 2.2 such a problem does not exist for mod_auth_mysql. OK, sounds like it could be a while, if it wont be in lenney. I very much hope it will make lenny. The required php change has been made in unstable. I intend to upload the mysql-enabling apr-util in the next 1-2 weeks. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#405773: Mysql auth how then?
Stefan Fritsch wrote: I don't know and it's outside my reach. The bug report suggests technical problems. At least on the etch Apache 2.2 such a problem does not exist for mod_auth_mysql. OK, sounds like it could be a while, if it wont be in lenney. I very much hope it will make lenny. The required php change has been made in unstable. I intend to upload the mysql-enabling apr-util in the next 1-2 weeks. Sounds good. Regards, Joey -- Long noun chains don't automatically imply security. -- Bruce Schneier Please always Cc to me when replying to me on the lists. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#405773: Mysql auth how then?
On Friday 29 February 2008, Peter Scott wrote: Ive spent 2 full days on this. I tried both suggested workarounds[1] and with wild and weird results. Attempting to get mod_authn_dbd to go, as per the apache2 documentation just brought apache to a grinding halt ( does not recognise mod_dbd (paraphrased) load failed. Updated box which brought apache to 2.2.3-4+etch4 .Didnt help. mod_authn_dbd requires mod_dbd. Maybe you did not enable mod_dbd? It seems that this dependency information is missing in the etch package so that a2enmod authn_dbd would not enable mod_dbd automatically :-( libapache2-mod-auth-pam + libpam-mysql NEARLY worked, but refused to let mysql be authoritative even after: - specifying AuthBasicAuthoritative Off - using auth sufficient in /etc/pam.d/apache2 - removing pam-unix includes from ditto The pam-mysql auth passes according to the logs, but then pam-unix stops it if there is no system account with the same username. Password didnt seem to matter. I don't know much about pam, but maybe you are missing an account entry as described in /usr/share/doc/libpam-mysql/README.gz . Im nearly to the point of tears on this one[2], and im normally a robust sort. Its a moderately production box (intranet), so the soln has to be stable, and compatible with LAM(Php). I might be willing to give lenny a go if it means i can just use either mod_authn_dbd or mod_auth_mysql out of the box(package). I successfully tested mod_authn_dbd in 2.2.6 with postgresql, so it should work in lenny. It might also work with 2.2.3 from etch if you load mod_dbd, but I don't know. Mod_authn_dbd also supports sqlite, but not mysql. Which do you think is going to be the best route. How far is lenny away from stable? Go back to sarge? Would another db solve the problem? Creating a mirror dbm or flatfile? grasps straws / I now nothing about mod_auth_pam or mod_auth_mysql, so I can't say anything about it. But this is the best option if you need php with mysql support. Using mod_authn_dbd with mysql is not possible currently (even in lenny), because this would need a change in the way php is compiled (and an libaprutil with mysql support, of course). Sarge looses its security support in one month, so that's not good either. Maybe putting you auth data into a sqlite database and using mod_authn_dbd would be an option, too. Cheers, Stefan -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#405773: Mysql auth how then?
Can somebody please, please tell me HOW YOU DO auth with etch apache 2.2 mysql? -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#405773: Mysql auth how then?
On Thursday 28 February 2008, Peter Scott wrote: Can somebody please, please tell me HOW YOU DO auth with etch apache 2.2 mysql? You can't, unfortunately. Your best bet is probably to grab the apr-util 1.2.12+dfsg-2 source package from testing, add --with-mysql to the configure line in debian/rules, install the libmysqlclient15-dev package, and recompile it on etch. This has some caveats, however: - it is not compatible with the php mysql extensions as they are compiled in etch (might lead to segfaults) - mod_dbd from apache2 2.2.3 has some bugs that were fixed in 2.2.6, so I am not sure it works at all, see e.g. http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=434562 - apr-util 1.2.12 has a bug that might make apache segfault if you serve files larger than 2GB on a 32bit system If you decide to try it, though, I would be interested to hear whether it works. Cheers, Stefan -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#405773: Mysql auth how then?
Thanks so much for your email. Ive spent 2 full days on this. I tried both suggested workarounds[1] and with wild and weird results. Attempting to get mod_authn_dbd to go, as per the apache2 documentation just brought apache to a grinding halt ( does not recognise mod_dbd (paraphrased) load failed. Updated box which brought apache to 2.2.3-4+etch4 .Didnt help. Compiling and patching mod_auth_mysql-3.0.0.tar.gz simply produced a thousand errors at compile time libapache2-mod-auth-pam + libpam-mysql NEARLY worked, but refused to let mysql be authoritative even after: - specifying AuthBasicAuthoritative Off - using auth sufficient in /etc/pam.d/apache2 - removing pam-unix includes from ditto The pam-mysql auth passes according to the logs, but then pam-unix stops it if there is no system account with the same username. Password didnt seem to matter. Pam seems almost there to me, but my queries to pam-list have gone unanswered I think mod_auth_pam has died. Im nearly to the point of tears on this one[2], and im normally a robust sort. Its a moderately production box (intranet), so the soln has to be stable, and compatible with LAM(Php). I might be willing to give lenny a go if it means i can just use either mod_authn_dbd or mod_auth_mysql out of the box(package). Which do you think is going to be the best route. How far is lenny away from stable? Go back to sarge? Would another db solve the problem? Creating a mirror dbm or flatfile? grasps straws / Regards Peter Scott NZ [1] http://dev.e-taxonomy.eu/trac/wiki/ApacheMySQLAuthentication [2] Jeeps i thought debian was supposed to be a server friendly stable works kind of thing. Stefan Fritsch wrote: On Thursday 28 February 2008, Peter Scott wrote: Can somebody please, please tell me HOW YOU DO auth with etch apache 2.2 mysql? You can't, unfortunately. Your best bet is probably to grab the apr-util 1.2.12+dfsg-2 source package from testing, add --with-mysql to the configure line in debian/rules, install the libmysqlclient15-dev package, and recompile it on etch. This has some caveats, however: - it is not compatible with the php mysql extensions as they are compiled in etch (might lead to segfaults) - mod_dbd from apache2 2.2.3 has some bugs that were fixed in 2.2.6, so I am not sure it works at all, see e.g. http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=434562 - apr-util 1.2.12 has a bug that might make apache segfault if you serve files larger than 2GB on a 32bit system If you decide to try it, though, I would be interested to hear whether it works. Cheers, Stefan -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
