problems setting up Apache::AuthCookieDBI
I am having problems configuring Apache::AuthCookieDBI and am a bit lost, since it seems there is something wrong with the secret key file I cannot see, I attach below the configuration in case it can help. I have checked the permissions of the file (the server runs in by box as "fxn"): $ ls -la /home/fxn/prj/bw/buscawap/etc/auth.key -rw---1 fxn12 May 2 19:20 /home/fxn/prj/bw/buscawap/etc/auth.key If I request "/docs" these messages appear in error_log: [Thu May 2 20:07:19 2002] [error] access to /login failed for 127.0.0.1, reason: Apache::AuthCookieDBI: didn't have the secret key for auth realm Busc aWAP [Thu May 2 20:07:21 2002] [error] access to /docs failed for 127.0.0.1, reason: Apache::AuthCookieDBI: didn't the secret key from for auth realm Busca WAP Any hint on what could I be doing wrong? -- fxn PerlModule Apache::AuthCookieDBI PerlSetVar BuscaWAPPath / PerlSetVar BuscaWAPLoginScript "/cgi/login.pl" # These must be set PerlSetVar BuscaWAPDBI_DSN "dbi:Oracle:BW_CATALOG" PerlSetVar BuscaWAPDBI_SecretKeyFile "/home/fxn/prj/bw/buscawap/etc/auth.key" # These are optional, the module sets sensible defaults. PerlSetVar BuscaWAPDBI_User"wap" PerlSetVar BuscaWAPDBI_Password"X" PerlSetVar BuscaWAPDBI_UsersTable "view_active_users" PerlSetVar BuscaWAPDBI_UserField "login" PerlSetVar BuscaWAPDBI_PasswordField "password" PerlSetVar BuscaWAPDBI_CryptType "none" PerlSetVar BuscaWAPDBI_GroupsTable "view_active_users" PerlSetVar BuscaWAPDBI_GroupField "rol" PerlSetVar BuscaWAPDBI_GroupUserField "login" PerlSetVar BuscaWAPDBI_EncryptionType "none" PerlSetVar BuscaWAPDBI_SessionLifetime 00-24-00-00 AuthTypeApache::AuthCookieDBI AuthNameBuscaWAP SetHandler perl-script PerlHandler Apache::AuthCookieDBI->login Alias /cgi /home/fxn/prj/bw/buscawap/www/cgi/ PerlModule Apache::Registry SetHandler perl-script PerlHandler Apache::Registry Options +ExecCGI AuthType Apache::AuthCookieDBI AuthName BuscaWAP PerlAuthenHandler Apache::AuthCookieDBI->authenticate PerlAuthzHandler Apache::AuthCookieDBI->authorize require valid-user SetHandlerperl-script PerlHandler BuscaWAP::Apache::Docs
Re: problems setting up Apache::AuthCookieDBI
Do you have this in httpd.conf (or mod_perl.conf) PerlSetVar BuscaWAPDBI_SecretKeyFile /home/fxn/prj/bw/buscawap/etc/auth.key ? -Fran F.Xavier Noria wrote: > I am having problems configuring Apache::AuthCookieDBI and am a bit > lost, since it seems there is something wrong with the secret key > file I cannot see, I attach below the configuration in case it can > help. I have checked the permissions of the file (the server runs > in by box as "fxn"): > > $ ls -la /home/fxn/prj/bw/buscawap/etc/auth.key > -rw---1 fxn12 May 2 19:20 /home/fxn/prj/bw/buscawap/etc/auth.key > > If I request "/docs" these messages appear in error_log: > > [Thu May 2 20:07:19 2002] [error] access to /login failed for 127.0.0.1, reason: >Apache::AuthCookieDBI: didn't have the secret key for auth realm Busc > aWAP > [Thu May 2 20:07:21 2002] [error] access to /docs failed for 127.0.0.1, reason: >Apache::AuthCookieDBI: didn't the secret key from for auth realm Busca > WAP > > Any hint on what could I be doing wrong? > > -- fxn > > > PerlModule Apache::AuthCookieDBI > > PerlSetVar BuscaWAPPath / > PerlSetVar BuscaWAPLoginScript "/cgi/login.pl" > > # These must be set > PerlSetVar BuscaWAPDBI_DSN "dbi:Oracle:BW_CATALOG" > PerlSetVar BuscaWAPDBI_SecretKeyFile "/home/fxn/prj/bw/buscawap/etc/auth.key" > > # These are optional, the module sets sensible defaults. > PerlSetVar BuscaWAPDBI_User"wap" > PerlSetVar BuscaWAPDBI_Password"X" > PerlSetVar BuscaWAPDBI_UsersTable "view_active_users" > PerlSetVar BuscaWAPDBI_UserField "login" > PerlSetVar BuscaWAPDBI_PasswordField "password" > PerlSetVar BuscaWAPDBI_CryptType "none" > PerlSetVar BuscaWAPDBI_GroupsTable "view_active_users" > PerlSetVar BuscaWAPDBI_GroupField "rol" > PerlSetVar BuscaWAPDBI_GroupUserField "login" > PerlSetVar BuscaWAPDBI_EncryptionType "none" > PerlSetVar BuscaWAPDBI_SessionLifetime 00-24-00-00 > > > AuthTypeApache::AuthCookieDBI > AuthNameBuscaWAP > SetHandler perl-script > PerlHandler Apache::AuthCookieDBI->login > > > Alias /cgi /home/fxn/prj/bw/buscawap/www/cgi/ > PerlModule Apache::Registry > > > SetHandler perl-script > PerlHandler Apache::Registry > Options +ExecCGI > > > > AuthType Apache::AuthCookieDBI > AuthName BuscaWAP > PerlAuthenHandler Apache::AuthCookieDBI->authenticate > PerlAuthzHandler Apache::AuthCookieDBI->authorize > require valid-user > SetHandlerperl-script > PerlHandler BuscaWAP::Apache::Docs >
Re: problems setting up Apache::AuthCookieDBI
On Thu, 02 May 2002 20:24:10 +0200 Per Einar Ellefsen <[EMAIL PROTECTED]> wrote: : At 20:10 02.05.2002, F.Xavier Noria wrote: : >PerlModule Apache::AuthCookieDBI : > : >PerlSetVar BuscaWAPPath / : >PerlSetVar BuscaWAPLoginScript "/cgi/login.pl" : > : ># These must be set : >PerlSetVar BuscaWAPDBI_DSN "dbi:Oracle:BW_CATALOG" : >PerlSetVar BuscaWAPDBI_SecretKeyFile "/home/fxn/prj/bw/buscawap/etc/auth.key" : : Have you tried inserting these into the respective sections? I'm : not sure, but I think PerlSetVars aren't merged into location-specific : configuration, so they might not actually be caught by Apache::AuthCookieDBI I guess this is not the problem since /cgi/login.pl gets run by the module and is configured the same way. Thank you anyway! -- fxn
Re: problems setting up Apache::AuthCookieDBI
> I'm not sure, but I think PerlSetVars aren't merged into > location-specific configuration, so they might not actually be caught by > Apache::AuthCookieDBI they should merge just fine. I do stuff like PerlSetVar DBASE dbi:Oracle:HELM all the time and grab it in specific handlers --Geoff
Re: problems setting up Apache::AuthCookieDBI
At 20:10 02.05.2002, F.Xavier Noria wrote: >PerlModule Apache::AuthCookieDBI > >PerlSetVar BuscaWAPPath / >PerlSetVar BuscaWAPLoginScript "/cgi/login.pl" > ># These must be set >PerlSetVar BuscaWAPDBI_DSN "dbi:Oracle:BW_CATALOG" >PerlSetVar BuscaWAPDBI_SecretKeyFile "/home/fxn/prj/bw/buscawap/etc/auth.key" Have you tried inserting these into the respective sections? I'm not sure, but I think PerlSetVars aren't merged into location-specific configuration, so they might not actually be caught by Apache::AuthCookieDBI -- Per Einar Ellefsen [EMAIL PROTECTED]
Re: problems setting up Apache::AuthCookieDBI
On Thu, 02 May 2002 15:22:59 -0400 Fran Fabrizio <[EMAIL PROTECTED]> wrote: : Do you have this in httpd.conf (or mod_perl.conf) : : PerlSetVar BuscaWAPDBI_SecretKeyFile /home/fxn/prj/bw/buscawap/etc/auth.key : : ? I have all mod_perl-related things in mod_perl.conf, and httpd.conf ends with this line: Include /home/fxn/prj/bw/buscawap/etc/mod_perl.conf Could that matter? -- fxn
Re: problems setting up Apache::AuthCookieDBI (solved but no fullyunderstood)
> > >Loading Apache::AuthCookieDBI after setting WhatEverDBI_SecretKeyFile >has solved the problem. I am doing something wrong or the example in the >manual page would need to be modified? > That's odd, I load my module first before setting the secret key (or any of the other variables) and it works fine for me. -Fran
Re: problems setting up Apache::AuthCookieDBI (solved but no fullyunderstood)
> > >Does the server load the module that way? > > It's beyond my expertise at this point but my experience would indicate that it does not work this way since I have PerlModule before the PerlSetVar and it works fine. -Fran
Re: problems setting up Apache::AuthCookieDBI (solved but no fullyunderstood)
> > >Jacob Davies (author of Apache::AuthCookieDBI) confirmed the secret key >file has to be set before the PerlModule directive, it is a bug in the >documentation. > Except it doesn't really, because it works fine for me. =) I compiled mod_perl static, I tend to avoid DSO if possible. -Fran
Re: problems setting up Apache::AuthCookieDBI (solved but no fullyunderstood)
>I for sure), I don't understand why the order does not matter in your >machine. Do we have the same version of the module (v1.18)? > >-- fxn > > Ah, no, I've got 1.10. Here is the relevant part of my config file # AuthCookieDBI config PerlModule Apache::AuthCookieDBI PerlSetVar RMSPath / PerlSetVar RMSLoginScript /rms/login PerlSetVar RMSDBI_SecretKeyFile /usr/local/apache/RMSsecretkeyfile PerlSetVar etc.. So much for backwards compatibility. ;-) -Fran
Re: problems setting up Apache::AuthCookieDBI (solved but no fully understood)
On Thu, 2 May 2002 20:10:15 +0200 F. Xavier Noria <[EMAIL PROTECTED]> wrote: : I am having problems configuring Apache::AuthCookieDBI and am a bit : lost, since it seems there is something wrong with the secret key : file I cannot see, I attach below the configuration in case it can : help. I have checked the permissions of the file (the server runs : in by box as "fxn"): The problem, it seems, was that I was setting the variables used by the module _after_ loading it, as in the example of its manual page: PerlModule Apache::AuthCookieDBI PerlSetVar BuscaWAPPath / PerlSetVar BuscaWAPLoginScript "/cgi/login.pl" # These must be set PerlSetVar BuscaWAPDBI_DSN "dbi:Oracle:BW_CATALOG" PerlSetVar BuscaWAPDBI_SecretKeyFile "/home/fxn/prj/bw/buscawap/etc/auth.key" Apache::AuthCookieDBI reads its config variables in a BEGIN block. I inserted a trace there and keys %{ Apache->server->dir_config() }; returned no variable set via PerlSetVar after that PerlModule directive. So the hash %SECRET_KEYS, initialized there, had no entries. Moreover, when I tried to access a protected URL as localhost/docs I was redirected to /cgi/login.pl as configured (as you see, after PerlModule as well), which confused me. I suppose this is so because the module sees the variable at runtime, where the config file has been already fully read. Loading Apache::AuthCookieDBI after setting WhatEverDBI_SecretKeyFile has solved the problem. I am doing something wrong or the example in the manual page would need to be modified? -- fxn
Re: problems setting up Apache::AuthCookieDBI (solved but no fully understood)
On Fri, 03 May 2002 09:09:08 -0400 Fran Fabrizio <[EMAIL PROTECTED]> wrote: : > : > : >Loading Apache::AuthCookieDBI after setting WhatEverDBI_SecretKeyFile : >has solved the problem. I am doing something wrong or the example in the : >manual page would need to be modified? : > : That's odd, I load my module first before setting the secret key (or any : of the other variables) and it works fine for me. If the module was loaded when the server sees the "PerlModule" directive I think this code from Apache::AuthCookieDBI (version 1.18) implies that variable in particular needs to be set before: #=== # S E R V E R S T A R T I N I T I A L I Z A T I O N #=== BEGIN { my @keyfile_vars = grep { $_ =~ /DBI_SecretKeyFile$/ } keys %{ Apache->server->dir_config() }; foreach my $keyfile_var ( @keyfile_vars ) { my $keyfile = Apache->server->dir_config( $keyfile_var ); my $auth_name = $keyfile_var; $auth_name =~ s/DBI_SecretKeyFile$//; unless ( open( KEY, "<$keyfile" ) ) { Apache::log_error( "Could not open keyfile for $auth_name in file $keyfile" ); } else { Apache::warn("Adding key for realm $auth_name"); $SECRET_KEYS{ $auth_name } = ; close KEY; } } } Does the server load the module that way? -- fxn
RE: problems setting up Apache::AuthCookieDBI (solved but no fully understood)
I was having the exact same problem 2 days ago... Could it be a difference in static vs. dso? I'm running mod_perl as a dso - how about you two? I did basically the same troubleshooting (added some log_error statements to the BEGIN block) and noticed the same thing - SecretKey file wasn't getting read. For some reason the dir_config hash is empty (completely, not just of *DBI_* entries) when that BEGIN block is executed. I don't know enough about apache internals to understand why moving the PerlModule line to the end of the PerlSetVar *DBI_* directives makes a difference, but it does (for some at least). Jim > -Original Message- > From: Fran Fabrizio [mailto:[EMAIL PROTECTED]] > Sent: Friday, May 03, 2002 6:38 AM > To: F.Xavier Noria > Cc: [EMAIL PROTECTED] > Subject: Re: problems setting up Apache::AuthCookieDBI > (solved but no fully understood) > > > > > > > >Does the server load the module that way? > > > > > It's beyond my expertise at this point but my experience > would indicate > that it does not work this way since I have PerlModule before the > PerlSetVar and it works fine. > > -Fran > > >
RE: problems setting up Apache::AuthCookieDBI (solved but no fully understood)
p.s. FWIW, I ended up using Apache::AuthTicket instead - has a feature I wanted (timeout, not just expiry), which CookieDBI didn't have), and it worked as documented with zero hassle... Jim > > -Original Message- > > From: Fran Fabrizio [mailto:[EMAIL PROTECTED]] > > Sent: Friday, May 03, 2002 6:38 AM > > To: F.Xavier Noria > > Cc: [EMAIL PROTECTED] > > Subject: Re: problems setting up Apache::AuthCookieDBI > > (solved but no fully understood) > > > > > > > > > > > > >Does the server load the module that way? > > > > > > > > It's beyond my expertise at this point but my experience > > would indicate > > that it does not work this way since I have PerlModule before the > > PerlSetVar and it works fine. > > > > -Fran > > > > > > >
Re: problems setting up Apache::AuthCookieDBI (solved but no fully understood)
Try my Apache::AccessCookie too. It provides the same ticketing interface for many different authenticating methods such as LDAP, IMAP, ftp, SMB, and (of course) DBI, plus a number of useful features. One can simply implement her own mechanism too. It can be downloaded at http://mod_perl.home.att.net. BTW, I tried to register the module in CPAN, but was kind of lost in the middle. Peter Bi - Original Message - From: "Jim Helm" <[EMAIL PROTECTED]> To: "'Fran Fabrizio'" <[EMAIL PROTECTED]>; "'F.Xavier Noria'" <[EMAIL PROTECTED]> Cc: <[EMAIL PROTECTED]> Sent: Friday, May 03, 2002 10:08 PM Subject: RE: problems setting up Apache::AuthCookieDBI (solved but no fully understood) > p.s. FWIW, I ended up using Apache::AuthTicket instead - has a feature I > wanted (timeout, not just expiry), which CookieDBI didn't have), and it > worked as documented with zero hassle... > > Jim > > > > -Original Message- > > > From: Fran Fabrizio [mailto:[EMAIL PROTECTED]] > > > Sent: Friday, May 03, 2002 6:38 AM > > > To: F.Xavier Noria > > > Cc: [EMAIL PROTECTED] > > > Subject: Re: problems setting up Apache::AuthCookieDBI > > > (solved but no fully understood) > > > > > > > > > > > > > > > > > >Does the server load the module that way? > > > > > > > > > > > It's beyond my expertise at this point but my experience > > > would indicate > > > that it does not work this way since I have PerlModule before the > > > PerlSetVar and it works fine. > > > > > > -Fran > > > > > > > > > > > > >
Re: problems setting up Apache::AuthCookieDBI (solved but no fully understood)
On Fri, 3 May 2002 22:02:18 -0700 "Jim Helm" <[EMAIL PROTECTED]> wrote: : I was having the exact same problem 2 days ago... Could it be a : difference in static vs. dso? I'm running mod_perl as a dso - how about : you two? I compiled httpd. Jacob Davies (author of Apache::AuthCookieDBI) confirmed the secret key file has to be set before the PerlModule directive, it is a bug in the documentation. -- fxn
Re: problems setting up Apache::AuthCookieDBI (solved but no fully understood)
On Mon, 06 May 2002 10:04:28 -0400 Fran Fabrizio <[EMAIL PROTECTED]> wrote: : >Jacob Davies (author of Apache::AuthCookieDBI) confirmed the secret key : >file has to be set before the PerlModule directive, it is a bug in the : >documentation. : > : Except it doesn't really, because it works fine for me. =) : : I compiled mod_perl static, I tend to avoid DSO if possible. The Eagle book says (page 58): Apache processes the configuration directives on a first-come, first-serve basis, so in certain cases, the order in which directives appear is important. So Apache passes PerlModule and PerlSetVar to mod_perl as it finds it in its configuration file. If mod_perl loaded modules as they come by means of PerlModule that would explain why variables set with PerlSetVar after that directive are not seen by the very module at loading time. As that seems to be the behaviour in my static mod_perl and Jacob Davies said he had to change the documentation (and he knows more mod_perl than I for sure), I don't understand why the order does not matter in your machine. Do we have the same version of the module (v1.18)? -- fxn
Re: problems setting up Apache::AuthCookieDBI (solved but no fully understood)
Peter: Squid complains about http://mod_perl.home.att.net which it says contains an invalid character ("_"), so I can't access it. Rafael Caceres At 10:58 PM 5/3/2002 -0700, you wrote: >Try my Apache::AccessCookie too. It provides the same ticketing interface >for many different authenticating methods such as LDAP, IMAP, ftp, SMB, and >(of course) DBI, plus a number of useful features. One can simply implement >her own mechanism too. It can be downloaded at http://mod_perl.home.att.net. > >BTW, I tried to register the module in CPAN, but was kind of lost in the >middle. > > >Peter Bi > >- Original Message - >From: "Jim Helm" <[EMAIL PROTECTED]> >To: "'Fran Fabrizio'" <[EMAIL PROTECTED]>; "'F.Xavier Noria'" ><[EMAIL PROTECTED]> >Cc: <[EMAIL PROTECTED]> >Sent: Friday, May 03, 2002 10:08 PM >Subject: RE: problems setting up Apache::AuthCookieDBI (solved but no fully >understood) > > > > p.s. FWIW, I ended up using Apache::AuthTicket instead - has a feature I > > wanted (timeout, not just expiry), which CookieDBI didn't have), and it > > worked as documented with zero hassle... > > > > Jim > > > > > > -Original Message----- > > > > From: Fran Fabrizio [mailto:[EMAIL PROTECTED]] > > > > Sent: Friday, May 03, 2002 6:38 AM > > > > To: F.Xavier Noria > > > > Cc: [EMAIL PROTECTED] > > > > Subject: Re: problems setting up Apache::AuthCookieDBI > > > > (solved but no fully understood) > > > > > > > > > > > > > > > > > > > > > > >Does the server load the module that way? > > > > > > > > > > > > > > It's beyond my expertise at this point but my experience > > > > would indicate > > > > that it does not work this way since I have PerlModule before the > > > > PerlSetVar and it works fine. > > > > > > > > -Fran > > > > > > > > > > > > > > > > > > >
RE: problems setting up Apache::AuthCookieDBI (solved but no fully understood)
Strictly speaking "_" is (was?) an illegal character for DNS names. I used to go round-n-round with a fellow sysadmin about that fact, and that we shouldn't use "_" in hostnames. Jim > -Original Message- > From: Rafael Caceres [mailto:[EMAIL PROTECTED]] > Sent: Monday, May 06, 2002 10:23 AM > To: Peter Bi > Cc: [EMAIL PROTECTED] > Subject: Re: problems setting up Apache::AuthCookieDBI > (solved but no fully understood) > > > Peter: > > Squid complains about http://mod_perl.home.att.net which it > says contains > an invalid character ("_"), so I can't access it. > > Rafael Caceres > > At 10:58 PM 5/3/2002 -0700, you wrote: > >Try my Apache::AccessCookie too. It provides the same ticketing > >interface for many different authenticating methods such as > LDAP, IMAP, > >ftp, SMB, and (of course) DBI, plus a number of useful features. One > >can simply implement her own mechanism too. It can be downloaded at > >http://mod_perl.home.att.net. > > > >BTW, I tried to register the module in CPAN, but was kind of lost in > >the middle. > > > > > >Peter Bi > > > >- Original Message - > >From: "Jim Helm" <[EMAIL PROTECTED]> > >To: "'Fran Fabrizio'" <[EMAIL PROTECTED]>; "'F.Xavier Noria'" > ><[EMAIL PROTECTED]> > >Cc: <[EMAIL PROTECTED]> > >Sent: Friday, May 03, 2002 10:08 PM > >Subject: RE: problems setting up Apache::AuthCookieDBI > (solved but no > >fully > >understood) > > > > > > > p.s. FWIW, I ended up using Apache::AuthTicket instead - has a > > > feature I wanted (timeout, not just expiry), which > CookieDBI didn't > > > have), and it worked as documented with zero hassle... > > > > > > Jim > > > > > > > > -Original Message- > > > > > From: Fran Fabrizio [mailto:[EMAIL PROTECTED]] > > > > > Sent: Friday, May 03, 2002 6:38 AM > > > > > To: F.Xavier Noria > > > > > Cc: [EMAIL PROTECTED] > > > > > Subject: Re: problems setting up > Apache::AuthCookieDBI (solved > > > > > but no fully understood) > > > > > > > > > > > > > > > > > > > > > > > > > > > >Does the server load the module that way? > > > > > > > > > > > > > > > > > It's beyond my expertise at this point but my > experience would > > > > > indicate that it does not work this way since I have > PerlModule > > > > > before the PerlSetVar and it works fine. > > > > > > > > > > -Fran > > > > > > > > > > > > > > > > > > > > > > > > > >