[Moin-user] http authentication works with Apache but not MoinMoin

solo turn soloturn at gmail.com
Tue Aug 7 11:39:41 EDT 2007


you say you use basic auth? this would mean the browser sends the user
on every request until you tell it not to.

therefore log out would be a browser thing, to my knowledge only firefox
offers an add on "web developer" where you can go to "miscellaneous -
clear private data - http authentication".

On 6/12/07, Geoff Mayes <gmayes at vmware.com> wrote:
> Hi again Thomas,
>
> Thank you very much for continuing to look into this.  I am pleased to report
> that HTTP Authentication is now working with MoinMoin!
>
> Per your questions I was prompted to rethink the way the http auth and the
> wiki directories, and symlinked directories, were specified in Apache.  What
> I found out was that the <Location /> directive used by authz_ldap.conf to
> lock down a directory had to match the directory specified in the Virtual
> Host container which pointed to where the moin.fcg or moin.cgi script was
> located (which I'm guessing then allows these two scripts to pick up the
> REMOTE_USER and AUTH_TYPE environment variables).
>
> That is, when http auth was not working, it was because my location looked
> like "<Location /wiki>" while the RewriteRule in the Virtual Host container
> was for the "/" (root) directory -- "RewriteRule ^(.*)$
> /wiki/server/moin.fcg$1".  When I changed the location directive to
> "<Location />" so it matched the rewrite rule and restarted Apache, I could
> log into MoinMoin via authz_ldap and MoinMoin displayed my username up top
> and auto-created my profile.
>
> Now if there was only a way that users could gracefully and easily (instead
> of clearing their cache or closing their browser) log out of their http
> authenticated session ...
>
> Thank you again Thomas.
>
> Kind regards, Geoff
>
>
> > -----Original Message-----
> > From: moin-user-bounces at lists.sourceforge.net
> > [mailto:moin-user-bounces at lists.sourceforge.net] On Behalf Of
> > Thomas Waldmann
> > Sent: Monday, June 11, 2007 5:59 AM
> > To: moin-user at lists.sourceforge.net
> > Subject: Re: [Moin-user] http authentication works with
> > Apache but not MoinMoin
> >
> > > Yes.  If /test contains htdocs/ underlay/ server/ and data/, should
> > > Apache require http auth on the /test directory or one of
> > the other directories?
> > >
> > >> Does the above mean you put data/ under documentroot?
> > >
> > > No.
> >
> > Apache should not access anything else than moin.cgi (or moin.fcg or
> > ...) and the htdocs (css, img, js) stuff.
> >
> > Under no circumstances apache should (give) access (to) data/
> > directory.
> >
> > > "User_autocreate = True" will create a new user preferences
> > file for a
> > > user that hasn't logged in before and will load an existing
> > file for a
> > > user who has logged in prior, and all this will work with http auth?
> >
> > It should.
> >
> > > I verified the AUTH_TYPE and REMOTE_USER environment
> > variables by http
> > > auth protecting a different directory and then accessing a
> > script in
> > > that directory, which prints out all %ENV variables:
> > >
> > > AUTH_TYPE = Basic
> > > REMOTE_USER = gmayes
> >
> > Does this also work when you name your script moin.cgi and
> > put it into the same place as the real moin.cgi is?
> >
> > If yes, please change the auth.py to read:
> >
> > def http(...):
> > ...
> >      elif not isinstance(request, RequestCLI):
> >          env = request.env
> >          request.log(repr(env))  # <- add this line
> >          ...
> >
> > And then look into your log. You can add more request.log()
> > calls at other places to see why it does not work for you.
> >
>
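
The environment check discussed in the thread, as an added example that is not part of the original messages or of MoinMoin's code: it reports whether REMOTE_USER and AUTH_TYPE reached the script and redacts credential-bearing variables before the environment is logged. The function names, the sample environment and the REDIRECT_ prefix handling are assumptions made for illustration.

```python
import os

# Variables whose values carry credentials or session secrets; logging the
# raw environment with repr() would write these to the log file.
SENSITIVE = ("HTTP_AUTHORIZATION", "REDIRECT_HTTP_AUTHORIZATION", "HTTP_COOKIE")


def redacted_env(environ):
    """Return a copy of the CGI environment that is safe to hand to a logger."""
    return {k: ("<redacted>" if k in SENSITIVE else v) for k, v in environ.items()}


def diagnose_http_auth(environ):
    """Say whether the web server passed an authenticated user to the script."""
    user = environ.get("REMOTE_USER")
    auth_type = environ.get("AUTH_TYPE")
    if user and auth_type:
        return "ok: %s authenticated via %s" % (user, auth_type)
    # Assumption: after an internal redirect Apache may expose variables
    # from the earlier request phase under a REDIRECT_ prefix.
    if environ.get("REDIRECT_REMOTE_USER"):
        return "user present only under the REDIRECT_ prefix (internal redirect)"
    return ("no authenticated user reached the script; check that the "
            "protected <Location> covers the URL that runs it")


# Constructed sample: what a script sees when the <Location> block that
# requires auth matches the URL serving it (values mirror the thread).
SAMPLE_ENV = {
    "AUTH_TYPE": "Basic",
    "REMOTE_USER": "gmayes",
    "HTTP_COOKIE": "session=constructed-value",
    "SCRIPT_NAME": "/wiki/server/moin.fcg",
}

if __name__ == "__main__":
    # Run as a CGI script placed beside moin.cgi to inspect the live environment.
    print("Content-Type: text/plain\n")
    print(diagnose_http_auth(os.environ))
    for key, value in sorted(redacted_env(os.environ).items()):
        print("%s = %s" % (key, value))
```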



