Home :: Projects :: Mozdev

Using mod_auth_mysql for Apache authentication for serving Mercurial

By silfreed - Posted on April 17th, 2008
Tagged:  •  

I'm trying to hgwebdir.cgi setup and that part is going pretty well; I have a default config file that is being loaded by the script and serving a collection of repositories properly.

What I'm having problems with is configuring authentication. I'm using mod_auth_mysql to try to do authentication under Apache 2.2, but something is getting in the way.

I have the LoadModule mysql_auth_module ahead of all other auth* modules and AuthBasicAuthoritative Off set, but I still can't get authenticated.

Here's a snippet of our virtualhost to do Mercurial hosting; does anyone have any experience with mod_auth_mysql under Apache 2.2? Most things I'm finding on the 'net seem to indicate that it should work, but it's not for me.


        <LocationMatch /\w+/>
                # authentication
                AuthType Basic
                AuthName "Mozdev Mercurial Repositories"

                <IfModule mysql_auth_module>
                        AuthBasicAuthoritative Off
                        AuthMySQLAuthoritative On
                        AuthMySQLEnable On

                        AuthMySQLHost localhost
                        AuthMySQLUser authuser
                        AuthMySQLPassword authpass
                        AuthMySQLDB db

                        AuthMySQLUserTable "`users`"
                        AuthMySQLNameField "`username`"
                        AuthMySQLPasswordField "`password`"
                        AuthMySQLPwEncryption [method]
                        AuthMySQLUserCondition "active = 1"
                </IfModule>
                <LimitExcept GET>
                        Require valid-user
                </LimitExcept>
        </LocationMatch>
silfreed's blog
Re: Using mod_auth_mysql for Apache
Submitted by Nils Maier (not verified) on Thu, 2008/04/17 - 17:27.

Apache 2.2 changed all the auth stuff.

You shouldn't be using mod_auth_mysql but mod_auth_dbd which should come with apache IIRC.
http://httpd.apache.org/docs/2.2/mod/mod_authn_dbd.html
Your need to set an AuthBasicProvider to dbd
AuthBasicAuthoritative / AuthMysqlAuthoritative isn't really of any use.

reply
Re: Using mod_auth_mysql for Apache
Submitted by silfreed on Fri, 2008/04/18 - 08:11.

Unfortunately mod_authn_dbd is really just a shell of an auth mechanism; it doesn't provide nearly the flexibilty that mod_auth_mysql does.

AuthBasicAuthoritative is described as doing exactly what I need; disable the new authn modules; and AuthMysqlAuthoritative is provided by mod_auth_mysql.

As I said, many others have said that this module /can/ work in Apache 2.2 with a similar config to what I posted, but I just can't seem to get it to click.

Any auth debugging settings would also be greatly appreciated; if I can see where the auth is being denied it'll be much easier for me to figure out how to fix it.

reply
Re: Using mod_auth_mysql for Apache authentication
Submitted by silfreed on Fri, 2008/04/18 - 12:05.

Eureka! After doing some more debugging and watching logs, I realized that the auth was succeeding, but I didn't have 'allow-push' enabled in the .hgrc file so the hgwebdir.cgi script was returning the 401 unauthorized. mod_auth_mysql works great!

reply

Post new comment

The content of this field is kept private and will not be shown publicly.
CAPTCHA
This question is used to make sure you are a human visitor and to prevent spam submissions.
Syndicate content