[Moin-user] Problem with GivenAuth configuration, through Apache digest?

fero14041 fero14041 at gmail.com
Tue Nov 6 15:13:31 EST 2012 

Hi, list!

Trying to use Apache authentication to log users to a fresh
installed instance of MoinMoin, I did not succeed, probably
due to a misunderstood configuration. Could you help me, please,
found my mistakes?

[Context]
For a little newbeeing French non-profit organization, dedicated to
people without employment and searching for, I try to afford some
useful services to help our work, specially on the Web.
And an instance of a MoinMoin's wiki could help us in many ways.

[Wishes]
As there could be other services provided by the server,
such as Mercurial's repositories, an instance of Trac, etc.
I'd like the users to log themselves to each with same shared account
across them (one per user), ideally managed by Apache's digest authentication.
MoinMoin's doc clearly points how this could be possible,
with ``GivenAuth`` authentication method.
This seems to not be sufficient::

    auth = [GivenAuth(autocreate=True)], MoinAuth()]
    auth_methods_trusted = ['given']

[Problem and tries]
I did not succeed in letting Apache give
authentication to MoinMoin. I tried:
- different installs (with packages provided by server's distribution,
or from source);
- carefully reading the documentation (many times, perhaps not enough ?-);
- testing different configuration variants;
- searching for similar report in bugs and mailing list archives
(Google Groups) or
- through the web (found few:
http://blog.nyaruka.com/apache2-http-digest-auth-and-moinmoin, also
https://gist.github.com/498124).
So I highly suspected remaining problem simply occurs in a bad configuration.

[Tech. context]
This server runs on Debian Squeeze (up to date),
web pages are served by Apache (2.2.16-6+squeeze8), mod_wsgi (3.3-2)
and Python 2.6.6

[Demonstration]
In order to give you most informations,
configuration template files used are provided at:
    http://moin.poeulfs.org/hg/pb_apache_digest_auth/file/tip/
and specially ``etc/wikiconfig.py`` for Moin instance config.,
and ``etc/httpd.conf`` for Apache's one.
I also put two instances of Moin from different version, and same config,
one at version 1.9.4 provided by Debian package (in current Squeeze backports),
and the other in a dedicated virtualenv with latest stable release 1.9.5.:
    http://moin.poeulfs.org/test/moin194/
    http://moin.poeulfs.org/test/moin195/

For each instance, there are:
- following users and groups:
  - one superuser (``fero14041admin``),
  - one ``AdminGroup`` with one admin user (``admin``, password like login),
  - one ``TestGroup`` with two regular users (``user`` (pwd id.) and
``fero14041``);
  - all default rights are defined in config by::

        acl_rights_default = (u"AdminGroup:read,write,delete,revert "
                              u"TestGroup:read,write "
                              u"All:")

- a theme derived from `modernized`, putting in page's header an additional
  link to ``login`` page and requiring Apache authentication.

Finally, those instances' logs, and specially that related to login,
are readable at:
     http://moin.poeulfs.org/test/viewlogs/logs


So, I would appreciate any help your could provide, to understand
what I am doing wrong ^^;) (or if it's a bug and requires a report)...
and of course share with my users all the power of MoinMoin!
And thank you for reading this long message.

Cheers,

-- fero14041


PS: Please excuse strange wordings and/or phrasings, as English is not
my mother language.

More information about the Moin-user mailing list