Jeff Trawick wrote:
On Tue, Sep 29, 2009 at 11:26 AM, Barry Scott <barry.sc...@onelan.co.uk> wrote:

    Jeff Trawick wrote:

        On Tue, Sep 29, 2009 at 8:18 AM, Barry Scott
        <barry.sc...@onelan.co.uk> wrote:

           The mod_fcgid page says to ask on dev; I assume that this is the
           right place to ask.

           I'm using mod_fcgid from svn with HTTPD 2.2.

           I want to use a fast CGI authorizer to allow me to control access
           based on my rules.
           The authorizer needs to be a long running process - never exits.

           I know that the fcgid code is noticing the directive because I can
           change the filename
           and see the error message from the sources.

           But I'm at a loss as to what is required to get this configuration to
           actually call my code.
           mod_fcgid is not starting up the authorizer process.

           I have the following fcgid specific lines in my httpd.conf file:

           ---- httpd.conf ----
           ...
           LoadModule fcgid_module modules/mod_fcgid.so
           ...

           Listen *:9000
           <VirtualHost *:9000>
            <Location />
                Order allow,deny
                Allow from all
                AuthType Digest


        Did you really mean Digest authentication instead of Basic
        authentication?

        mod_fcgid only supports Basic, AFAICT.

           /* Get the user password */
           if ((res = ap_get_basic_auth_pw(r, &password)) != OK)
               return res;


    I don't want to be an authenticator, I want to be an authorizer.
    Authorizer has no need of passwords, right?


whoops :(

yes

your "require valid-user" implies that you don't need authorization; try "require valid-group" instead

I want the user's password checked and to only proceed if it is valid.
I also want to run the fcgi Authorizer to check that the URL being
accessed is allowed according to the logic in my Authorizer code.

To that end I have the following:

   <Location />
       Order allow,deny
       Allow from all

       # Use digest auth to check the username/password pair
       AuthType Digest
       AuthName "Manager System"
       # no one gets in without a valid username/password pair
       Require valid-user

       # Use these files to find the passwd and group information
       AuthGroupFile /home/bscott/Work/httpd-fcgid-test/auth/http.group
       AuthUserFile /home/bscott/Work/httpd-fcgid-test/auth/http.passwd

       # Run the Authorizer.sh to veto URL based on the username
       FastCgiAuthorizer /home/bscott/wc/svn/NTB-Next/onelan/DSM/Sources/WebUserInterface/bin/Authorizer.sh
   </Location>

What triggers HTTPD to call the Authorizer.sh code?
Surely not the commands that control authentication checks?

I cannot find Require valid-group defined in the 2.2 docs.

Do you mean I need to add:

             Require group nosuchgroup

And that will cause the mod_authn_user (or whatever module) to try
and match nosuchgroup. When it fails my Authenticator will be run
to see if it can handle that directive?

Isn't this module crying out for a directive like:

           Require fcgid-authenticater-user-is-valid

Barry
