Stas Bekman replied:
> Argh, I wish I could always test every addition I have in the guide, some
> code goes untested as it was posted to the mod_perl or contributed by
> someone else. Then people come and use it, if something is wrong they send
> me a patch I fix it. I guess this is a similar scenario -- I admit that
> this code wasn't tested by me. If you find the problem and solve it,
> please send me the patch, so everybody could benefit from it.
>
> As for hints you want to read the Eagle book, I try hard not to duplicate
> information in the book, but sometimes I do. The book covers extensively
> the Authentication handler writing. You should start from the Basic one
> that works for you and then move on and add the extra, more complicated
> logic inside.
>
> I'm looking forward for the patch :) Thanks a lot!
hmm! "hey, i'm lost in the sears tower. can anybody tell me
how to turn the lights on?" "whoops. maybe if you build your
own skyscraper you can get back with us on that..." :)
so here's what i've stumbled into, in the dark--
i'm using apache 1.3.9 on debian/gnu linux 2.2:
ONE--
from http://perl.apache.org/current/htdocs/manual/mod/mod_perl.html
PerlModule directive
Description: List of Perl modules
Syntax: PerlModule Arg1 x n (ITERATE)
PerlSyntax: push @PerlModule, $arg1
Context: Allowed in *.conf anywhere and in .htaccess
Override: Any other than None
Status: Extension
Module: mod_perl
yet when i put 'PerlModule Serensoft::Auth' into
the .htaccess file i consistently got
[notice] child pid 30127 exit signal Segmentation fault (11)
moving it back into the /etc/apache/httpd.conf file,
all is sparkly again.
TWO--
if i modify the .htaccess file or the Auth.pm file, it's
USUALLY silently ignored until i do
'apachectl graceful'
although sometimes .htaccess updates are activated.
i presume that even having five or ten child apaches running
around loose, it's the one that's dealing with the request that
checks for updates to required modules & settings files...
should i hafta 'graceful' just to update Auth.pm or .htaccess?
THREE--
according to /usr/doc/apache/manual/mod/core.html, the
AuthName and AuthType are allowed in .htaccess and
directory sections only, NOT location sections; this
could be a documentation oversight, i reckon.
FOUR--
i'm now reasonably certain (90% or so) that the missing
ingredients were basically indicated by Eric Cholet when he said
> maybe you need "Order deny, allow" to trigger authentication
seems that i also needed the companion
deny from all
as well (he probably thought i knew enough to presume that,
but alas, i only now begin to see...).
=======
SO -- Stas, here's a coupla extra tweaks i think you should
make so that cut/paste newbies (unlike me, of course) will
have an easier time with this particular example on the next
iteration:
My/Auth.pm--
[snip]
sub authen_handler {
[snip]
my $reason = authen_dbi ($r, $user, $sent_pw, $level);
#############
# '$level' looks like an artifact from the
# original code that isn't part of this example.
#############
[snip]
sub authen_dbi{
my ($r, $user, $sent_pw, $level) = @_;
#############
# $level, again. omit.
#############
# validate username/passwd
return 0 if (*PASSED*)
#############
# i'd leave this as is; if you change it to a real perl
# expression such as /PASSED/ some newbies will sail right
# on by, wondering why they'll never authenticate properly
# (i'd be one of them).
#############
return "Failed for X reason";
}
1;
#############
# add the 'require'-friendly 'non-zero final statement'
#############
httpd.conf or .htaccess (PerlModule hasta be in httpd.conf,
from my experience)--
PerlAccessHandler My::Auth::access_handler
PerlSetVar Intranet "10.10.10.1 => userA, 10.10.10.2 => userB"
PerlAuthenHandler My::Auth::authen_handler
AuthName realm
AuthType Basic
Require valid-user
order deny,allow
deny from all
#############
# add 'order/deny', and we're done (as far as i can tell)
#############
and there you have it. i think.
-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-
Their is five errers in this sentance.