Re: [users@httpd] pwauth to external server

Tue, 23 May 2023 06:03:39 -0700 

Thank you Frank.

This is my entire gitweb config:

cat /etc/apache2/conf-available/gitweb.conf
<IfModule mod_alias.c>
  <IfModule mod_mime.c>
    <IfModule mod_cgi.c>
      Define ENABLE_GITWEB
    </IfModule>
    <IfModule mod_cgid.c>
      Define ENABLE_GITWEB
    </IfModule>
  </IfModule>
</IfModule>

<IfDefine ENABLE_GITWEB>
  Alias /gitweb /usr/share/gitweb

        AddExternalAuth pwauth /usr/sbin/pwauth
        SetExternalAuthMethod pwauth pipe

  <Directory /usr/share/gitweb>
    Options +FollowSymLinks +ExecCGI
    AddHandler cgi-script .cgi

        AuthName 'Enter your username and password'
        AuthType Basic
        AuthBasicProvider external
        AuthExternal pwauth
        Require valid-user

        Order Deny,Allow
        Satisfy any
        Deny from all
        Require valid-user

  </Directory>
</IfDefine>

The configuration is working fine and authenticates users as expected.
What I don't understand is how does apache know which server to consult for the credentials?
Just saying "external" surely shouldn't be enough without specifying a FQDN or IP, port number etc. like you do with: 

AuthLDAPURL ldap://

What am I missing here?

Regards,
Adam

On 18/05/2023 20:21, Frank Gingras wrote:

This comes to mind:

https://code.google.com/archive/p/mod-auth-external/wikis/AuthNZ.wiki
On Wed, May 17, 2023 at 12:48 PM Adam Weremczuk <ad...@matrixscience.com> wrote: 

    Hi all,

    I run some old Bugzilla 3.6.11 (https://www.bugzilla.org) on SERVER1
    (Debian 7 / Apache 2.2.22 / MySQL 5.5.31).

    The following authentication works locally:

    AuthType Basic
    AuthPAM_Enabled on
    AuthBasicAuthoritative off
    AuthUserFile /dev/null

    I have migrated Bugzilla to a modern stack on SERVER2 (Debian 11 /
    Apache 2.4.56 / MariaDB 10.5.19) but struggle with authentication.

    Is it possible to use pwauth to consult usernames/passwords on
    SERVER1
    from SERVER2 by IP?

    What other authentication options do I have?

    I would rather avoid doing things such as copying usernames and
    passwords across.

    Regards,
    Adam


    ---------------------------------------------------------------------
    To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
    For additional commands, e-mail: users-h...@httpd.apache.org

Reply via email to