Return-Path: Delivered-To: apmail-httpd-dev-archive@www.apache.org Received: (qmail 18902 invoked from network); 29 Sep 2009 15:43:25 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.3) by minotaur.apache.org with SMTP; 29 Sep 2009 15:43:25 -0000 Received: (qmail 92513 invoked by uid 500); 29 Sep 2009 15:43:24 -0000 Delivered-To: apmail-httpd-dev-archive@httpd.apache.org Received: (qmail 92440 invoked by uid 500); 29 Sep 2009 15:43:23 -0000 Mailing-List: contact dev-help@httpd.apache.org; run by ezmlm Precedence: bulk Reply-To: dev@httpd.apache.org list-help: list-unsubscribe: List-Post: List-Id: Delivered-To: mailing list dev@httpd.apache.org Received: (qmail 92431 invoked by uid 99); 29 Sep 2009 15:43:23 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 29 Sep 2009 15:43:23 +0000 X-ASF-Spam-Status: No, hits=2.2 required=10.0 tests=HTML_MESSAGE,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (athena.apache.org: domain of trawick@gmail.com designates 72.14.220.152 as permitted sender) Received: from [72.14.220.152] (HELO fg-out-1718.google.com) (72.14.220.152) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 29 Sep 2009 15:43:16 +0000 Received: by fg-out-1718.google.com with SMTP id e21so966607fga.12 for ; Tue, 29 Sep 2009 08:42:55 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:in-reply-to:references :date:message-id:subject:from:to:content-type; bh=MV5vF9aDa+HOu1SwiZY+Dp+RYchbYw6Gqhl7qZKW6Uo=; b=FawwGPtih2dpRlrnjvzk/Pcbjj23FGyt8OHA62i8OWRjHNm1YLn6jc7fi+mqPeBxz/ juiCsJG1jFWjpUTGfyK6HuRVYL1jLnF4xCdEGMfJFF9XMMJBqIQa+jFpN1UQAhj0wIlk iOOpPnk0F6Z/DFY2GEwXcm6P0smv6zp7LTP/w= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type; b=Pz5423/pH7cEE2G3I/rPcnnVbp956+T7CtXDG6KKD3UsUp4S3D9qNoVqqtLHbn0x35 F1HWbSSUSh+bwzSU8xUD97RLjrhPDWMOQu+tYz3Zi480fB7ut6R5bNS6letm979MIDSb L3kJc4CpSmxtZEAQHXNrBL2pITPYPZL3WzQBM= MIME-Version: 1.0 Received: by 10.87.66.2 with SMTP id t2mr4326157fgk.62.1254238975147; Tue, 29 Sep 2009 08:42:55 -0700 (PDT) In-Reply-To: <4AC22732.6060008@onelan.co.uk> References: <4AC1FB12.9000605@onelan.co.uk> <4AC22732.6060008@onelan.co.uk> Date: Tue, 29 Sep 2009 11:42:55 -0400 Message-ID: Subject: Re: mod_fcgid - cannot get authorizer process to be started From: Jeff Trawick To: dev@httpd.apache.org Content-Type: multipart/alternative; boundary=001485f1dc5293c02c0474b944b7 X-Virus-Checked: Checked by ClamAV on apache.org --001485f1dc5293c02c0474b944b7 Content-Type: text/plain; charset=ISO-8859-1 On Tue, Sep 29, 2009 at 11:26 AM, Barry Scott wrote: > Jeff Trawick wrote: > > On Tue, Sep 29, 2009 at 8:18 AM, Barry Scott > barry.scott@onelan.co.uk>> wrote: >> >> The mod_fcgid page says to ask on dev I assume that this is the >> right place to ask. >> >> I'm using mod_fcgid from svn with HTTPD 2.2. >> >> I want to use a fast CGI authorizer to allow me to control access >> based on my rules. >> The authorizer needs to be a long running process - never exits. >> >> I know that the fcgid code is noticing the directive because I can >> change the filename >> and see the error message from the sources. >> >> But I'm at a lose as to the required to get this configuration to >> actually call my code. >> mod_fcgid is not starting up the authorizer process. >> >> I have the following fcgid specific lines in my httpd.conf file: >> >> ---- httpd.conf ---- >> ... >> LoadModule fcgid_module modules/mod_fcgid.so >> ... >> >> Listen *:9000 >> >> >> Order allow,deny >> Allow from all >> AuthType Digest >> >> >> Did you really mean Digest authentication instead of Basic authentication? >> >> mod_fcgid only supports Basic, AFAICT. >> >> /* Get the user password */ >> if ((res = ap_get_basic_auth_pw(r, &password)) != OK) >> return res; >> >> > I don't want to be an authenticator, I want to be a authorizer. > Authorizer has no need of passwords right. > whoops :( yes your "require valid-user" implies that you don't need authorization; try "require valid-group" instead --001485f1dc5293c02c0474b944b7 Content-Type: text/html; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable
On Tue, Sep 29, 2009 at 11:26 AM, Barry Scott <barry.scott= @onelan.co.uk> wrote:
Jeff Trawick wrote:

On Tue, Sep 29, 2009 at 8:18 AM, Barry Scott <barry.scott@onelan.co.uk <mailto= :barry.scott@= onelan.co.uk>> wrote:

=A0 =A0The mod_fcgid page says to ask on dev I assume that this is the
=A0 =A0right place to ask.

=A0 =A0I'm using mod_fcgid from svn with HTTPD 2.2.

=A0 =A0I want to use a fast CGI authorizer to allow me to control access =A0 =A0based on my rules.
=A0 =A0The authorizer needs to be a long running process - never exits.
=A0 =A0I know that the fcgid code is noticing the directive because I can<= br> =A0 =A0change the filename
=A0 =A0and see the error message from the sources.

=A0 =A0But I'm at a lose as to the required to get this configuration = to
=A0 =A0actually call my code.
=A0 =A0mod_fcgid is not starting up the authorizer process.

=A0 =A0I have the following fcgid specific lines in my httpd.conf file:
=A0 =A0---- httpd.conf ----
=A0 =A0...
=A0 =A0LoadModule fcgid_module modules/mod_fcgid.so
=A0 =A0...

=A0 =A0Listen *:9000
=A0 =A0<VirtualHost *:9000>
=A0 =A0 <Location />
=A0 =A0 =A0 =A0 Order allow,deny
=A0 =A0 =A0 =A0 Allow from all
=A0 =A0 =A0 =A0 AuthType Digest


Did you really mean Digest authentication instead of Basic authentication?<= br>
mod_fcgid only supports Basic, AFAICT.

=A0 =A0/* Get the user password */
=A0 =A0if ((res =3D ap_get_basic_auth_pw(r, &password)) !=3D OK)
=A0 =A0 =A0 =A0return res;


I don't want to be an authenticator, I want to be a authorizer.
Authorizer has no need of passwords right.

whoops = :(

yes

your "require valid-user" implies that you don't = need authorization; try "require valid-group" instead

--001485f1dc5293c02c0474b944b7--