httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Phil Endecott" <spam_from_apache_user...@chezphil.org>
Subject Re: [users@httpd] authn_dbd: what format for encrypted password? [dbd now broken]
Date Mon, 20 Aug 2007 23:08:11 GMT
Dear All,

I'm trying to set up auth with postgresql...

Laurent FAILLIE wrote:
> My only advice is to not use it as it doesn't work :-(

Yesterday I thought it was working, but since then it has fallen apart
and I'm wondering if Laurent might be right after all...

Yesterday I was running 2.2.3 (Debian package).  It was working.  This
evening I upgraded to 2.2.4 (still Debian). (Why? "If it ain't broken,
don't fix it."  I should remember that, but it's too late now.)
Although the rest of the system still works, pgsql auth has failed.

My configuration currently looks like this (slightly edited):

<VirtualHost x.y.z.z:443>
          ServerName xxxxx

          DBDriver pgsql
          DBDParams "dbname=xxxx user=xxxx"
          DBDExptime 100
          DBDKeep 1
          DBDMax 5
          DBDMin 1
          DBDpersist on
          # Note docs say 0|1 for persist, but it actually wants on|off

          DocumentRoot /var/www/xxxx
          <Directory /var/www/xxxx>
                  Options FollowSymLinks MultiViews +ExecCGI +Includes
                  AllowOverride All
                  AddHandler cgi-script cgi
                  DirectoryIndex index
                  Order allow,deny
                  allow from all
                  AddOutputFilterByType DEFLATE text/html text/plain
text/css text/javascript
                  AuthName "xxxx"
                  AuthType basic
                  AuthPAM_Enabled off
                  AuthBasicProvider dbd
                  AuthDBDUserPWQuery "select
'{SHA}'||encode(digest(decode(password_b64,'base64'),'sha1'),'base64')
from users where username=$1 and enabled"
                  require valid-user
          </Directory>

          SSLEngine on
          SSLCertificateFile xxxx

          ErrorLog /var/log/apache2/xxxxx/error.log
          LogLevel warn

          CustomLog /var/log/apache2/xxxx/access.log combined
          ServerSignature On

</VirtualHost>


Yesterday I had "DBDpersist off", and no exptime, keep, min or max
parameters.  I tried that at first with 2.2.4, with the following symptoms:

In the error log:
[Mon Aug 20 23:52:14 2007] [error] [client 86.6.8.194] No DBD Authn configured!

In the postgresql log, I see a connection, authorisation and immediate
disconnection, without any query being executed:

2007-08-20 23:52:30 BST LOG:  connection received: host=[local]
2007-08-20 23:52:30 BST LOG:  connection authorized: user=xxxx database=xxxx
2007-08-20 23:52:30 BST LOG:  disconnection: session time: 0:00:00.040
user=xxxx database=xxxx host=[local]

I then tried the "persist on" settings shown above.  This fails in a
different way.  Nothing else in this configuration has changed since it
was working yesterday with 2.2.3, and the postgresql configuration has
not changed.

With "persist on", the symptom is that I see this in the error log:
[Mon Aug 20 23:12:29 2007] [error] [client 86.6.8.194] Error looking up
phil in database

In the postgresql log, I see *nothing at all*.  This log records
something even if I just telnet to the right port number, which makes
me think that Apache isn't attempting to connect at all.  I have tried
to debug with strace, and although it's hard to see what is going on I
can't see any attempts to open a database connection.  lsof -i and lsof
-U don't appear to show any connection either.


So: Can anyone see anything obviously wrong with the configuration
shown above?  I'm aware that there may be some known issues with this
stuff, but are there any known *regressions* from 2.2.3 to 2.2.4?  Was
I just lucky before?  How can I debug further?  Is there a way to get
verbose debug out of mod_dbd?  (I have tried "loglevel debug" but that
doesn't add anything.)


Many thanks for any advice.

Phil.








---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message