[mod_python] PythonAuthzHandler not working

Jim Gallacher jpg at jgassociates.ca
Sat Apr 22 15:22:36 EDT 2006


Graham Dumpleton wrote:
> Add to config:
> 
>   AuthAuthoritative Off

That doesn't really make sense to me. Nothing like this is mentioned for 
other auth modules like mod_auth_ldap.

>   Require dummy
> 
> The value to Require cannot be:
> 
>   valid-user
>   user ???
>   group ???
> 
> it has to be something of your own creation that your authz handler then
> interprets.
> 
> I am noting that authzhandler() can't return DECLINED, but must be OK,
> or presumably HTTP_UNAUTHORIZED. Returning DECLINED results in 500
> error and:
> 
> [Fri Apr 21 12:10:43 2006] [crit] [client ::1] configuration error:  couldn't check access.  No groups file?: /~grahamd/authz/index.py
> 

I've worn my fingers to bloody stumps trying every directive that seems 
even vaguely related to authentication or authorization and I just can't 
get my authzhandler to fire.

Well, screw it, I thought. I'll just use a stacked handler:

   PythonAuthenHandler mprest.auth mprest.auth::authzhandler

This works just fine, although I'd prefer to use PythonAuthzHandler as 
it makes the intention clearer, but I've wasted enough time on this already.

So I'm working away, watching the "new module loader" thread float by on 
the mailing list and I say to myself, "Gee, I really should turn on 
the new importer to give it a bit of a workout". I turn it on, and give 
my authen/authz login function a whirl... and...

Aaaaahhhhhrrrrggggg.....

It sails right past the second handler in the stack - 
mprest.auth::authzhandler is ignored. Putting them in separate 
directives makes no difference:

   PythonAuthenHandler mprest.auth
   PythonAuthenHandler mprest.auth::authzhandler

No joy. (And of course PythonAuthzHandler is a lost cause for me).

I've decided that there is some powerful supernatural force that does 
not want me to do authorization testing.

I think discussion of this should be shifted to the python-dev list as 
importer.py is only in the development branch at this time.

Jim
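
Added example, not part of either poster's message or of mod_python itself: a sketch of an authz handler of the kind the quoted advice describes, which interprets a self-defined Require keyword and returns only OK or HTTP_UNAUTHORIZED, never DECLINED. The `role` keyword, `ROLE_MEMBERS`, `authorize()` and `FakeRequest` are hypothetical names with constructed data; the fallback constants exist only so the module can be imported outside Apache.

```python
# Apache configuration this handler assumes (the Require keyword "role" is
# our own invention, as the quoted advice asks for; "thismodule" is a placeholder):
#   AuthAuthoritative Off
#   Require role editors
#   PythonAuthzHandler thismodule
try:
    from mod_python import apache  # importable only inside Apache
    OK, HTTP_UNAUTHORIZED = apache.OK, apache.HTTP_UNAUTHORIZED
except ImportError:
    OK, HTTP_UNAUTHORIZED = 0, 401  # offline fallback for testing

# Constructed sample data: role name -> set of member user names.
ROLE_MEMBERS = {"editors": {"alice", "bob"}, "admins": {"alice"}}


def authorize(user, requirements):
    """True only if a 'role <name> ...' requirement names a role holding user."""
    if not user:
        return False
    for line in requirements:
        words = line.split()
        if len(words) < 2 or words[0] != "role":
            continue  # a keyword we do not interpret grants nothing
        if any(user in ROLE_MEMBERS.get(role, ()) for role in words[1:]):
            return True
    return False  # no requirement satisfied: fail closed


def authzhandler(req):
    # req.user is filled in by the authentication phase; req.requires()
    # returns one string per Require directive in effect.
    if authorize(req.user, req.requires()):
        return OK
    # Per the quoted message, DECLINED here ends in a 500 error, so deny
    # explicitly instead of declining.
    return HTTP_UNAUTHORIZED


class FakeRequest:
    """Constructed stand-in for mod_python's request object (testing only)."""

    def __init__(self, user, requirements):
        self.user = user
        self._requirements = tuple(requirements)

    def requires(self):
        return self._requirements
```

Because `authorize()` is separate from the Apache glue, the decision logic can be unit-tested with `FakeRequest` before debugging why the handler phase does or does not fire.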






