[Moin-user] http authentication works with Apache but not MoinMoin
Geoff Mayes
gmayes at vmware.com
Mon Jun 11 20:54:07 EDT 2007
Hi again Thomas,
Thank you very much for continuing to look into this. I am pleased to report
that HTTP Authentication is now working with MoinMoin!
Per your questions I was prompted to rethink the way the http auth and the
wiki directories, and symlinked directories, were specified in Apache. What
I found out was that the <Location /> directive used by authz_ldap.conf to
lock down a directory had to match the directory specified in the Virtual
Host container which pointed to where the moin.fcg or moin.cgi script was
located (which I'm guessing then allows these two scripts to pick up the
REMOTE_USER and AUTH_TYPE environment variables).
That is, when http auth was not working, it was because my location looked
like "<Location /wiki>" while the RewriteRule in the Virtual Host container
was for the "/" (root) directory -- "Rewrite Rule ^(.*)$
/wiki/server/moin.fcg$1". When I changed the location directive to
"<Location />" so it matched the rewrite rule and restarted Apache, I could
log into MoinMoin via authz_ldap and MoinMoin displayed my username up top
and auto-created my profile.
Now if there was only a way that users could gracefully and easily (instead
of clearing their cache or closing their browser) log out of their http
authenticated session ...
Thank you again Thomas.
Kind regards, Geoff
> -----Original Message-----
> From: moin-user-bounces at lists.sourceforge.net
> [mailto:moin-user-bounces at lists.sourceforge.net] On Behalf Of
> Thomas Waldmann
> Sent: Monday, June 11, 2007 5:59 AM
> To: moin-user at lists.sourceforge.net
> Subject: Re: [Moin-user] http authentication works with
> Apache butnot MoinMoin
>
> > Yes. If /test contains htdocs/ underlay/ server/ and data/, should
> > Apache require http auth on the /test directory or one of
> the other directories?
> >
> >> Does the above mean you put data/ under documentroot?
> >
> > No.
>
> Apache should not access anything else than moin.cgi (or moin.fcg or
> ...) and the htdocs (css, img, js) stuff.
>
> Under no circumstances apache should (give) access (to) data/
> directory.
>
> > "User_autocreate = True" will create a new user preferences
> file for a
> > user that hasn't logged in before and will load an existing
> file for a
> > user who has logged in prior, and all this will work with http auth?
>
> It should.
>
> > I verifed the AUTH_TYPE and REMOTE_USER environment
> variables by http
> > auth protecting a different directory and then accessing a
> script in
> > that directory, which prints out all %ENV variables:
> >
> > AUTH_TYPE = Basic
> > REMOTE_USER = gmayes
>
> Does this also work when you name your script moin.cgi and
> put it into the same place as the real moin.cgi is?
>
> If yes, please change the auth.py to read:
>
> def http(...):
> ...
> elif not isinstance(request, RequestCLI):
> env = request.env
> request.log(repr(env)) <- add this line
> ...
>
> And then look into your log. You can add more request.log()
> calls at other places to see why it does not work for you.
>
>
> --------------------------------------------------------------
> -----------
> This SF.net email is sponsored by DB2 Express
> Download DB2 Express C - the FREE version of DB2 express and take
> control of your XML. No limits. Just data. Click to get it now.
> http://sourceforge.net/powerbar/db2/
> _______________________________________________
> Moin-user mailing list
> Moin-user at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/moin-user
>
More information about the Moin-user
mailing list