i canna get the PerlAuthenHandler to do ANYTHING. first
line of code after $r = shift is $r->warn() but nothing
shows up in the log. aaugh!
i copied the sample code from 'illustrated security scenarios'
at http://perl.apache.org/guide/security.html nearly verbatim,
(cut & paste + munge) changed '(*PASSED*)' to a simple test
(moot, at this point) and inserted a few $r->warn("") for tracing
and debugging purposes.
access_handler() works fine. all its $r->warn output shows up
in the logfile as it should.
BUT i never see any incursion into the authen_handler() AT ALL!
[my main site is serensoft.com; the virtual site is dontUthink.com
and the url i'm trying to test is dontUthink.com/auth ... it lets
me in, every time, without asking for any userid:password.]
httpd.conf:
PerlModule Serensoft::Auth
<Location /auth>
PerlAccessHandler Serensoft::Auth::access_handler
PerlSetVar Intranet "this => that"
PerlAuthenHandler Serensoft::Auth::authen_handler
AuthName "dontUthink subscriber"
AuthType Basic
Require valid-user
</Location>
Serensoft/Auth.pm:
Package Serensoft::Auth;
use strict;
use Apache::Constants qw(:common);
[snip]
sub authen_handler {
my $r = shift;
$r->warn('authen_handler'); # <== NEVER gets here!!!
# get user's authentication credentials
my ($res, $sent_pw) = $r->get_basic_auth_pw;
return $res if $res != OK;
my $user = $r->connection->user;
# authenticate through DBI
my $reason = authen_dbi ($r, $user, $sent_pw); # $level? eh?
if ($reason) {
$r->note_basic_auth_failure;
$r->log_reason ($reason, $r->uri);
return AUTH_REQUIRED;
}
return OK;
}
i even tried adding
$r->set_handlers(PerlAuthenHandler => [\&authen_handler]);
right at the end of access_handler() (before returning OK)
but alas, to no avail.
what obvious dial have i forgotten to frob?
-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-
Their is five errers in this sentance.
