Re: [Zope] apache/mod_rewrite and user-logging (semi-OT) - workaround
Whoa,
seems like my problem was not very interesting...
Anyway, I found a solution and hereby make it public.
To get apache to log usernames, one has to invoke
the apache's authentification machinery. I found
out that one can plug perl-modules into apache for
doing auth and that there's even a module which
does exactly what one needs here, Apache::AuthAny,
which always succeeds.
package Apache::AuthAny;
# file: Apache/AuthAny.pm
use strict;
use Apache::Constants qw(:common);
sub handler {
my $r = shift;
my($res, $sent_pw) = $r->get_basic_auth_pw;
return $res if $res != OK;
my $user = $r->connection->user;
unless($user and $sent_pw) {
$r->note_basic_auth_failure;
$r->log_reason("Both a username and password must be provided", $r->filename);
return AUTH_REQUIRED;
}
return OK;
}
1;
__END__
The corresponding entry in http.conf is
PerlAuthenHandler Apache::AuthAny
AuthType Basic
AuthName "Auth_Realm"
require valid-user
One just has to make sure that the realm is the same as
in zope and everything goes fine.
So on to the next, has anybody an idea what would be a good/easy way
to link zope authentication to apache's?
It might be interesting to use mod_python i.e. for extending
zope's authentication to files/directories served by apache
(one could have done the same as above with mod_python, it's just
that I didn't want to install that for a five-liner).
cheers,
oliver
___
Zope maillist - [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope
** No cross posts or HTML encoding! **
(Related lists -
http://lists.zope.org/mailman/listinfo/zope-announce
http://lists.zope.org/mailman/listinfo/zope-dev )
[Zope] apache/mod_rewrite and user-logging (semi-OT)
This is not directly a zope-question, but maybe someone has figured out how to solve this. I'm using apache with mod_rewrite to redirect requests for a certain directory from apache to zope (with option [p]). Now for the first time I can't get apache to do want I want it to, that is logging the usernames into apaches logfile. Apache does this only when enabling apache's mod_auth via AuthType Basic AuthName "Ihr Login..." AuthUserFile "/httproot/web/bogus_userfile.txt" require valid-user or similar, but the silly thing then also wants his own authentication. I am not able to get it to extract the username without really requiring apache authentication. Does anybody know how I could accomplish that? Any dirty tricks to get apache to *think* it authentifies, but letting through every username/password combination, so that zope can do it's job? And no, putting any of this combinations in bogus_userfile.txt is not an option ;->. Another possibility (which gets me more on-topic) is to do that in medusas http_server (which logs a '-' hardcoded), but the only way I could imagine (and code myself) would be to do the base64-decoding there and that seems not quite elegant, even more because apache's log-files hold the client-ip in this situation and therefore are more informative anyway. cheers, oliver ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
