httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From paredes <pare...@aecom.yu.edu>
Subject Re: [users@httpd] mod_auth_mysql
Date Fri, 11 Aug 2006 14:43:38 GMT
Hi Michael!

How interesting [and bizarre]. Since your last post I've been 
researching this to find why it's working on my site but not on yours 
and have gotten nowhere. My testing realms are static pages and use the 
<directory> container. Everything else on my site is dynamically 
generated and I use the <directorymatch> container so I can use regex 
for filters.
But I'm glad it's finally working for you and that you'll probably save 
many folks much grief later.

Hopefully someone on the list can "authoritatively" explain this behavior :)

Regards,
William Paredes

Michael Luff wrote:
> Hi William,
> 	I've now managed to get this to work by using <Location> instead
> of <Directory>, my listing now reads:
>
> <location /files>
>         Order Allow,Deny
>         Satisfy Any
>         Allow from 10.0.0
>
>         AuthName "authentication required"
>         AuthType Basic
>         AuthMySQLHost           localhost
>         AuthMySQLEnable         on
>         AuthMySQLUser           xxxxxxx
>         AuthMySQLPassword       xxxxxxx
>         AuthMySQLDB             auth
>         AuthMySQLUserTable      users
>         AuthMySQLNameField      user_name
>         AuthMySQLPasswordField  user_passwd
>         AuthMySQLGroupTable     groups
>         AuthMySQLGroupField     user_group
> # This next line controls which group(s) can access the resource
>         Require group user admin
> </Location>
>
> I changed this after reading up on different containers and finding this
> comment:
>
> 'When applying directives to objects that do not reside in the
> filesystem (such as a webpage generated from a database), use
> <Location>.'
>
> My pages are indeed generated from a database.
>
> Are there any problems using this approach or is it safe to consider
> this solved?
>
> Many thanks for all your help,
> Michael.
>
> -----Original Message-----
> From: paredes [mailto:paredes@aecom.yu.edu] 
> Sent: 07 August 2006 19:46
> To: users@httpd.apache.org
> Subject: Re: [users@httpd] mod_auth_mysql
>
> Hi Michael!
>
> Set your apache loglevel directive to debug. Then you can open and 
> monitor your apache error log live [sudo tail -f pathToYourErrorLog] as 
> you hit your protected page with your browser. You should be able to see
>
> what mod_auth_mysql returns to the logs.
>
> I noticed that you are using auth_dbm_module. How is that module being
> used.
>
> In my configuration, I only load the module which I need and nothing 
> else. It makes troubleshooting easier [and the server a bit faster]:
>
> LoadModule access_module modules/mod_access.so
> LoadModule auth_module modules/mod_auth.so
> LoadModule ldap_module modules/mod_ldap.so
> LoadModule auth_ldap_module modules/mod_auth_ldap.so
> LoadModule mysql_auth_module  modules/mod_auth_mysql.so
> LoadModule include_module modules/mod_include.so
> LoadModule deflate_module modules/mod_deflate.so
> LoadModule log_config_module modules/mod_log_config.so
> LoadModule env_module modules/mod_env.so
> LoadModule setenvif_module modules/mod_setenvif.so
> LoadModule mime_module modules/mod_mime.so
> LoadModule autoindex_module modules/mod_autoindex.so
> LoadModule asis_module modules/mod_asis.so
> LoadModule negotiation_module modules/mod_negotiation.so
> LoadModule dir_module modules/mod_dir.so
> LoadModule imap_module modules/mod_imap.so
> LoadModule actions_module modules/mod_actions.so
> LoadModule alias_module modules/mod_alias.so
> LoadModule php5_module        modules/libphp5.so
>
> In my configuration [apache2.0.58] which I need to use dual 
> authentication - mod_auth_ldap with a "failthru" to mod_auth_mysql 
> [sourceforge ver 3.0] it was by trial and error that I found that  
> mod_auth_mysql's load order is important. That is why I'm curious how 
> you are using mod_auth_dbm.
>
> Regards,
> William Paredes
> Computer Based Education
> Albert Einstein College of Medicine
>
>
> Michael Luff wrote:
>   
>> Hello does anyone have any idea where I might look to resolve this
>> issue?
>> Many thanks.
>>
>> 	I'm using apache v2.0.55 and mod_auth_mysql v3 on a Gentoo Linux
>> box.  Below is a section from my httpd.conf - does it look right?
>>
>> # These modules provide authentication and authorisation for
>> # clients. They should not normally be disabled.
>> #
>> LoadModule access_module                 modules/mod_access.so
>> LoadModule auth_module                   modules/mod_auth.so
>> LoadModule auth_anon_module              modules/mod_auth_anon.so
>> LoadModule auth_dbm_module               modules/mod_auth_dbm.so
>> LoadModule auth_digest_module            modules/mod_auth_digest.so
>>
>> Many thanks,
>> Michael.
>>
>>
>> -----Original Message-----
>> From: paredes [mailto:paredes@aecom.yu.edu] 
>> Sent: 20 July 2006 19:01
>> To: users@httpd.apache.org
>> Subject: Re: [users@httpd] mod_auth_mysql
>>
>> Greetings Michael!
>>
>> Which versions of apache and mod_auth_mysql are you using? What
>>     
> platform
>   
>> are you on? When you check your httpd.conf file is mod_auth being
>> loaded?
>>
>> Regards,
>>
>> William  Paredes
>> Computer Based Education
>> Albert Einstein College of Medicine
>> Bronx, New York USA
>>
>>
>> Michael Luff wrote:
>>   
>>     
>>> Hi William,
>>> 	Thanks for your help on this one.  From what you and Elaine have
>>>     
>>>       
>>   
>>     
>>> written and from what I've read, this really ought to work but I'm 
>>> still stuck with the all or nothing problem.
>>>
>>> If I modify my file as you suggest, anyone can get access without 
>>> being prompted for a password, not just the IP I specify; if I
>>>       
> comment
>   
>>>     
>>>       
>>   
>>     
>>> out the 'satisfy any' line, I'm back to passwords for all.
>>>
>>> As we agree that the approach is valid, can anyone think of any other
>>>       
>
>   
>>> commands, directives etc somewhere else that might be having an
>>>       
> effect
>   
>>>     
>>>       
>>   
>>     
>>> on this?
>>>
>>> Many thanks,
>>> Michael.
>>>
>>> -----Original Message-----
>>> From: paredes [mailto:paredes@aecom.yu.edu]
>>> Sent: 19 July 2006 23:52
>>> To: users@httpd.apache.org
>>> Subject: Re: [users@httpd] mod_auth_mysql
>>>
>>> Greetings Michael!
>>>
>>> What should work is the following:
>>>
>>> <Directory /var/www/localhost/htdocs>
>>>
>>> deny from all
>>> allow from 10.0.0.72
>>>
>>> AuthName "authentication required"
>>> AuthType Basic
>>> AuthMySQLHost localhost
>>> AuthMySQLEnable on
>>> AuthMySQLUser xxxxxxx
>>> AuthMySQLPassword xxxxxxx
>>> AuthMySQLDB auth
>>> AuthMySQLUserTable users
>>> AuthMySQLNameField user_name
>>> AuthMySQLPasswordField user_passwd
>>> AuthMySQLGroupTable groups
>>> AuthMySQLGroupField user_group
>>> Require group user admin
>>>
>>> satisfy any
>>>
>>> </directory>
>>>
>>> William Paredes
>>> Computer Based education
>>> Albert Einstein College of Medicine
>>> Bronx, New York USA
>>>
>>>
>>> Michael Luff wrote:
>>>   
>>>     
>>>       
>>>> Hi Elaine,
>>>>
>>>> Many thanks for the help, I've now got:
>>>>
>>>> <Directory /var/www/localhost/htdocs>
>>>>
>>>> AuthName "authentication required"
>>>>
>>>> AuthType Basic
>>>>
>>>> AuthMySQLHost localhost
>>>>
>>>> AuthMySQLEnable on
>>>>
>>>> AuthMySQLUser xxxxxxx
>>>>
>>>> AuthMySQLPassword xxxxxxx
>>>>
>>>> AuthMySQLDB auth
>>>>
>>>> AuthMySQLUserTable users
>>>>
>>>> AuthMySQLNameField user_name
>>>>
>>>> AuthMySQLPasswordField user_passwd
>>>>
>>>> AuthMySQLGroupTable groups
>>>>
>>>> AuthMySQLGroupField user_group
>>>>
>>>> # This next line controls which group(s) can access the resource
>>>>
>>>> AllowOverride none
>>>>
>>>> Require group user admin
>>>>
>>>> Order allow,deny
>>>>
>>>> Allow from 10.0.0.72
>>>>
>>>> Satisfy Any
>>>>
>>>> </Directory>
>>>>
>>>> But now anyone can access it, not just the IUP address I've
>>>>       
>>>>         
>> specified!
>>   
>>     
>>>>     
>>>>       
>>>>         
>>>   
>>>     
>>>       
>>>> I can't seem to get around this all or nothing problem.
>>>>
>>>> Can you see anything I've done wrong?
>>>>
>>>> Regards,
>>>>
>>>> Michael.
>>>>
>>>> *From:* elaine [mailto:elaine@ccuec.unicamp.br]
>>>> *Sent:* 19 July 2006 13:49
>>>> *To:* users@httpd.apache.org
>>>> *Subject:* Re: [users@httpd] mod_auth_mysql
>>>>
>>>> Michael,
>>>>
>>>> Try to use the "allow" and "satisfy" directives.
>>>> This is an example, that we use to protect our intranet access :
>>>> (Note that the IP's and server name were modified, and we use the 
>>>> deny
>>>>     
>>>>       
>>>>         
>>>   
>>>     
>>>       
>>>> directive
>>>> to refuse connections from reception kiosk.)
>>>>
>>>> <Limit GET PUT POST>
>>>>
>>>> # Allow access only to authenticated users from MySQL # or users
>>>>         
> that
>   
>>>>       
>>>>         
>>   
>>     
>>>> are in the intranet # (except IP xx.xx.xx.xx : reception kiosk)
>>>>
>>>> require valid-user
>>>> Order allow,deny
>>>> Deny from xxx.xxx.xx.x
>>>>
>>>> # Allow access from our internal network without # username and 
>>>> password
>>>>
>>>> Allow from example.com
>>>>
>>>> Satisfy any
>>>> </Limit>
>>>>
>>>>
>>>> You can read more details about Satisfy directive :
>>>>
>>>> http://httpd.apache.org/docs/2.2/mod/core.html#satisfy
>>>>
>>>> Regards,
>>>> Elaine
>>>>
>>>> Michael Luff wrote:
>>>>
>>>> Hi All,
>>>>
>>>> I've got mod_auth_mysql working nicely but I would like the users on
>>>>         
>
>   
>>>> my internal network not to have to enter a username and password, 
>>>> just
>>>>     
>>>>       
>>>>         
>>>   
>>>     
>>>       
>>>> people accessing from outside.
>>>>
>>>> I've tried various solutions using Order deny,allow; allow from and 
>>>> so
>>>>     
>>>>       
>>>>         
>>>   
>>>     
>>>       
>>>> forth but with no luck, I end up with everyone being prompted or
>>>>     
>>>>       
>>>>         
>>> no-one.
>>>   
>>>     
>>>       
>>>> Here's my unmodified <Directory> command from my httpd.conf that 
>>>> requires everyone to supply a password, can anyone suggest how I can
>>>>         
>
>   
>>>> modify it to allow access from 10.0.0?
>>>>
>>>> <Directory /var/www/localhost/htdocs>
>>>>
>>>> AuthName "authentication required"
>>>>
>>>> AuthType Basic
>>>>
>>>> AuthMySQLHost localhost
>>>>
>>>> AuthMySQLEnable on
>>>>
>>>> AuthMySQLUser xxxxxx
>>>>
>>>> AuthMySQLPassword xxxxxxx
>>>>
>>>> AuthMySQLDB auth
>>>>
>>>> AuthMySQLUserTable users
>>>>
>>>> AuthMySQLNameField user_name
>>>>
>>>> AuthMySQLPasswordField user_passwd
>>>>
>>>> AuthMySQLGroupTable groups
>>>>
>>>> AuthMySQLGroupField user_group
>>>>
>>>> # This next line controls which group(s) can access the resource
>>>>
>>>> require group user admin
>>>>
>>>> </Directory>
>>>>
>>>> Regards,
>>>>
>>>> *Michael Luff** *MSc B.Eng (Hons) MIET* **Facilities & Systems 
>>>> Manager *
>>>>
>>>> T: +44 (0)20 8614 7604
>>>> F: +44 (0)20 8614 7601
>>>> M: +44 (0)7976 404956
>>>> E: Michael.luff@mailsource.co.uk
>>>>     
>>>>       
>>>>         
>>> <mailto:Michael.luff@mailsource.co.uk>
>>>   
>>>     
>>>       
>>>> *MailSource UK Limited *
>>>>
>>>> - Europe's leading specialist in integrated document delivery
>>>>     
>>>>       
>>>>         
>>> solutions
>>>   
>>>     
>>>       
>>>> - Holders of the RoSPA Health & Safety Gold Medal 2006/2007
>>>>
>>>> Northumberland House
>>>>
>>>> 15 Petersham Road
>>>>
>>>> Richmond-upon-Thames
>>>>
>>>> Surrey TW10 6TP
>>>>
>>>> *www.mailsource.co.uk <http://www.mailsource.co.uk/>*
>>>>
>>>> *MailSource UK Limited *
>>>>
>>>> - Europe's leading specialist in integrated document delivery
>>>>     
>>>>       
>>>>         
>>> solutions
>>>   
>>>     
>>>       
>>>> - Holders of the RoSPA Health & Safety Gold Medal 2006/2007
>>>>
>>>> Northumberland House
>>>>
>>>> 15 Petersham Road
>>>>
>>>> Richmond-upon-Thames
>>>>
>>>> Surrey TW10 6TP
>>>>
>>>> *www.mailsource.co.uk <http://www.mailsource.co.uk/>*
>>>>
>>>>     
>>>>       
>>>>         
>>> ---------------------------------------------------------------------
>>> The official User-To-User support forum of the Apache HTTP Server 
>>> Project.
>>> See <URL:http://httpd.apache.org/userslist.html> for more info.
>>> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>>>    "   from the digest: users-digest-unsubscribe@httpd.apache.org
>>> For additional commands, e-mail: users-help@httpd.apache.org
>>>
>>>
>>> MailSource UK Limited     
>>>
>>> - Europe's leading specialist in integrated document delivery 
>>> solutions
>>> - Holders of the RoSPA Health & Safety Gold Medal 2006/2007
>>>  
>>> Northumberland House           
>>> 15 Petersham Road                
>>> Richmond-upon-Thames         
>>> Surrey    TW10 6TP                
>>>                                                
>>>  
>>> www.mailsource.co.uk
>>>
>>>
>>> ---------------------------------------------------------------------
>>> The official User-To-User support forum of the Apache HTTP Server
>>>     
>>>       
>> Project.
>>   
>>     
>>> See <URL:http://httpd.apache.org/userslist.html> for more info.
>>> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>>>    "   from the digest: users-digest-unsubscribe@httpd.apache.org
>>> For additional commands, e-mail: users-help@httpd.apache.org
>>>
>>>
>>>   
>>>     
>>>       
>> ---------------------------------------------------------------------
>> The official User-To-User support forum of the Apache HTTP Server
>> Project.
>> See <URL:http://httpd.apache.org/userslist.html> for more info.
>> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>>    "   from the digest: users-digest-unsubscribe@httpd.apache.org
>> For additional commands, e-mail: users-help@httpd.apache.org
>>
>> MailSource UK Limited     
>>
>> - Europe's leading specialist in integrated document delivery
>>     
> solutions
>   
>> - Holders of the RoSPA Health & Safety Gold Medal 2006/2007
>>  
>> Northumberland House           
>> 15 Petersham Road                
>> Richmond-upon-Thames         
>> Surrey    TW10 6TP                
>>                                                
>>  
>> www.mailsource.co.uk
>>
>>
>> ---------------------------------------------------------------------
>> The official User-To-User support forum of the Apache HTTP Server
>>     
> Project.
>   
>> See <URL:http://httpd.apache.org/userslist.html> for more info.
>> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>>    "   from the digest: users-digest-unsubscribe@httpd.apache.org
>> For additional commands, e-mail: users-help@httpd.apache.org
>>
>>
>>   
>>     
>
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server
> Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>    "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>
> MailSource UK Limited     
>
> - Europe's leading specialist in integrated document delivery solutions
> - Holders of the RoSPA Health & Safety Gold Medal 2006/2007
>  
> Northumberland House           
> 15 Petersham Road                
> Richmond-upon-Thames         
> Surrey    TW10 6TP                
>                                                
>  
> www.mailsource.co.uk
> Please consider the environment before printing this e-mail. Thank you.
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>    "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>
>   


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message