Re: Apache upgrade 2.2 -> 2.4 and "PerlAuthenHandler Authen::Simple::IMAP"
On Thu, Feb 21, 2019 at 02:35:22AM +, Jie Gao (j@sydney.edu.au) wrote: > * Jobst Schmalenbach wrote: > > Not sure how you went with this issue, but you might want to try this instead: > > > Require user USER1 USER2 > > Require ip 127.0.0.1 > Require host localhost > Require host THESERVER > > > Does not make a diffrence. If you read http://httpd.apache.org/docs/trunk/upgrading.html it states a little bit further down related to the old "satisfy any" (which is what I want) 2.4 configuration: AuthType Basic AuthBasicProvider file AuthUserFile /example.com/conf/users.passwd AuthName secure # Implicitly Require valid-user Require ip 127.0.0.1 So it's implicit, which actaully I understand. As I said too, I have a login box (couple of email before yours) ... so it is actually loading everything as expected. I am currently fixing this: Using the default of SSL_verify_mode of SSL_VERIFY_NONE for client is deprecated! Please set SSL_verify_mode to SSL_VERIFY_PEER BBL with report how to get the entire thing to work with the Authen::Simple::IMAP Net::IMAP::Simple; Jobst -- When the Pope visits a country he really likes, does he french kiss the ground? | |0| | Jobst Schmalenbach, General Manager | | |0| Barrett & Sales Essentials |0|0|0| +61 3 9533 , POBox 277, Caulfield South, 3162, Australia
Re: Apache upgrade 2.2 -> 2.4 and "PerlAuthenHandler Authen::Simple::IMAP"
* Jobst Schmalenbach wrote: > Date: Wed, 20 Feb 2019 12:33:22 +1100 > From: Jobst Schmalenbach > To: modperl@perl.apache.org > Subject: Apache upgrade 2.2 -> 2.4 and "PerlAuthenHandler > Authen::Simple::IMAP" > User-Agent: Mutt/1.9.1 (2017-09-22) > > I posted this first on the Apache mailing list, one person mentioned as this > is mod_perl related I should post it here, so here it is. > > I have just started upgrading all of my CentOS servers from 6.X to 7.X, with > that Apache gets upgraded from 2.2 to 2.4, but it seems mod_perl has not > increased the version number. > > While I have fixed most of the issues realted to the upgrade of Apache one I > cannot solve is the "PerlAuthenHandler Authen::Simple::IMAP" in .htaccess > files. > > I use this rather frequently on many machines as it is real easy for me to > look after this. > > Using apache 2.2 this used to work like a charm with an .htaccess file in the > directory to protect: > > satisfy any > Order deny,allow > deny from all > > AuthName "Protected by IMAP credentials" > AuthType Basic > require user USER1 USER2 > PerlAuthenHandler Authen::Simple::IMAP > PerlSetVarAuthenSimpleIMAP_host > "CENTRAL.IMAPS.SERVER.HOST.NAME" > PerlSetVarAuthenSimpleIMAP_protocol "IMAPS" > > allow from localhost > allow from THESERVER > > I re-wrote this for apache 2.4 (not repeating the perl stuff which is the > same in both) but same .htaccess file > > > Require user USER1 USER2 > # do not turn this off, or else this will not work. > Require ip 127.0.0.1 > Require host localhost > Require host THESERVER > Not sure how you went with this issue, but you might want to try this instead: Require user USER1 USER2 Require ip 127.0.0.1 Require host localhost Require host THESERVER Regards, Jie (I am currently having problems sending to/receiving from the list with my posts at the moment.) > In the server's httpd.conf file I have: > >PerlRequire /etc/httpd/conf/startup.pl > > which contains this: > >#!/bin/env /usr/bin/perl >use strict; >use warnings; >use Authen::Simple::IMAP; >1; > > This loads with no error messages (this also means mod_perl is working). > > The problem really is: > > ==> error_log <== > failed to resolve handler Authen::Simple::IMAP > failed to resolve handler Authen::Simple::IMAP > failed to resolve handler Authen::Simple::IMAP > failed to resolve handler Authen::Simple::IMAP > > The browser page displays a "Secure connection failed" which is crap as the > certificate and everything is in perfect condition. > > > How can I make this work with apache 2.4? > What am I doing wrong? > > > thanks > Jobst > > > > -- > If a pig loses its voice, is it disgruntled? > > | |0| | Jobst Schmalenbach, General Manager > | | |0| Barrett & Sales Essentials > |0|0|0| +61 3 9533 , POBox 277, Caulfield South, 3162, Australia >
Re: AuthCookieDBI and Apache 2.4
On Wed, Feb 20, 2019 at 05:56:48PM -0500, Edward J. Sabol wrote: > Any pointers to a working AuthzProvider written in Perl (like for the > "species" one) in your examples? It's not perfectly clear to me how to > go about that. I wrote one for CAS auth a while back: https://github.com/pbhenson/Apache2-AuthCASpbh/blob/master/lib/Apache2/AuthCASpbh/Authz.pm
Re: AuthCookieDBI and Apache 2.4
On Feb 20, 2019, at 11:28 AM, Michael Schout wrote:
> As for AuthCookieDBI, you may not even need to change it to use
> Apache2_4::AuthCookie base, as eventually I managed to get all of the
> changes needed to work togehter in Apache2::AuthCookie. I left
> Apache2_4::AuthCookie for historical reasons, and in case further issues
> came up that would require more changes that were 2.4 exclusive.
Impressive! And good to know.
> If you aren't doing anything fancy with `require` directives, you likely
> don't need to worry about creating an Authz provider, which is where
> most of the issues are when moving to 2.4. Looking at AuthCookieDBI, it
> does implement support for `require group`, so if you need that, you
> will need to create an Authz provider that implements it. But if not,
> you can probably not worry about it.
Well, I definitely have to worry about it, unfortunately. We use group-based
authorization ('require group foo') extensively.
Looking at your
https://metacpan.org/pod/distribution/Apache-AuthCookie/README.apache-2.4.pod
document, we need a
PerlAddAuthzProvider group My::AuthCookieHandler->authz_group
Any pointers to a working AuthzProvider written in Perl (like for the "species"
one) in your examples? It's not perfectly clear to me how to go about that.
Many thanks,
Ed
Re: Apache upgrade 2.2 -> 2.4 and "PerlAuthenHandler Authen::Simple::IMAP"
On Wed, Feb 20, 2019 at 02:11:14PM +, John Dunlap (j...@lariat.co) wrote: > Have you tried adding "Require all granted" inside the directory tag? That would defeat the purpose of my problem. If I do "Require all granted" the directory would not be protected, he password query would not come up and the IMAP module would not be required. > > On Wed, Feb 20, 2019 at 5:11 AM Jobst Schmalenbach > > On Tue, Feb 19, 2019 at 06:14:53PM -0800, Paul B. Henson (hen...@acm.org) > > > On 2/19/2019 6:02 PM, Jie Gao wrote: > > > > Need to play some hockey first .. BBL > > Jobst > > -- > John Dunlap > *CTO | Lariat * > > *Direct:* > *j...@lariat.co * > > *Customer Service:* > 877.268.6667 > supp...@lariat.co -- If proof denies faith, and uncertainty denies proof, then uncertainty is proof of God's existence. | |0| | Jobst Schmalenbach, General Manager | | |0| Barrett & Sales Essentials |0|0|0| +61 3 9533 , POBox 277, Caulfield South, 3162, Australia
Re: AuthCookieDBI and Apache 2.4
On 20.02.2019 17:28, Michael Schout wrote: On 2/12/19 1:25 PM, Edward J. Sabol wrote: I know AuthCookie has been updated by the magnificient Michael Schout to Thanks for the kind compliments Ed :). I would like to add mine : ++. As for AuthCookieDBI, you may not even need to change it to use Apache2_4::AuthCookie base, as eventually I managed to get all of the changes needed to work togehter in Apache2::AuthCookie. I left Apache2_4::AuthCookie for historical reasons, and in case further issues came up that would require more changes that were 2.4 exclusive. If you aren't doing anything fancy with `require` directives, you likely don't need to worry about creating an Authz provider, which is where most of the issues are when moving to 2.4. Looking at AuthCookieDBI, it does implement support for `require group`, so if you need that, you will need to create an Authz provider that implements it. But if not, you can probably not worry about it. Hope this helps. Regards, Michael Schout
Re: AuthCookieDBI and Apache 2.4
On 2/12/19 1:25 PM, Edward J. Sabol wrote: > I know AuthCookie has been updated by the magnificient Michael Schout to Thanks for the kind compliments Ed :). As for AuthCookieDBI, you may not even need to change it to use Apache2_4::AuthCookie base, as eventually I managed to get all of the changes needed to work togehter in Apache2::AuthCookie. I left Apache2_4::AuthCookie for historical reasons, and in case further issues came up that would require more changes that were 2.4 exclusive. If you aren't doing anything fancy with `require` directives, you likely don't need to worry about creating an Authz provider, which is where most of the issues are when moving to 2.4. Looking at AuthCookieDBI, it does implement support for `require group`, so if you need that, you will need to create an Authz provider that implements it. But if not, you can probably not worry about it. Hope this helps. Regards, Michael Schout
Re: Apache upgrade 2.2 -> 2.4 and "PerlAuthenHandler Authen::Simple::IMAP"
Have you tried adding "Require all granted" inside the directory tag? On Wed, Feb 20, 2019 at 5:11 AM Jobst Schmalenbach wrote: > On Tue, Feb 19, 2019 at 06:14:53PM -0800, Paul B. Henson (hen...@acm.org) > wrote: > > On 2/19/2019 6:02 PM, Jie Gao wrote: > > > Found this on CPAN: > > > > > > Module < Authen::Simple::IMAP > (DMARTIN/Authen-Simple-IMAP-0.1.2.tar.gz) > > > > The last update for this module was in 2009; Apache 2.4 was released in > > 2012, so without even looking at the code I am fairly confident the > module > > does not support it. > > > > Authen::Simple::Apache, not Authen::Simple::IMAP itself. That one was > last > > > > There are actually a few issues here and it's not > > - Authen::Simple::Apache > - Authen::Simple::IMAP > > It has to do with the .htaccess file, I just got a login box. > I saw this: > > https://www.gsp.com/cgi-bin/man.cgi?topic=Authen::Simple::Passwd > > which has a different setup than the .htaccess I specified > > PerlModule Authen::Simple::Apache > PerlModule Authen::Simple::Passwd > PerlSetVar AuthenSimplePasswd_path "/etc/passwd" > > PerlAuthenHandler Authen::Simple::Passwd > AuthType Basic > AuthName "Protected Area" > Require valid-user > > They are ACTUALLY specifying the MODULES which I did not do. > > > Need to play some hockey first .. BBL > Jobst > > > > > > > -- > People without trees are like fish without clean water! > > | |0| | Jobst Schmalenbach, General Manager > | | |0| Barrett & Sales Essentials > |0|0|0| +61 3 9533 , POBox 277, Caulfield South, 3162, Australia > -- John Dunlap *CTO | Lariat * *Direct:* *j...@lariat.co * *Customer Service:* 877.268.6667 supp...@lariat.co
