[mod_python] mod_python on / and authentication on /login (using trac)

Axel Thimm Axel.Thimm at ATrpms.net
Thu Mar 22 20:19:38 EST 2007


On Thu, Mar 22, 2007 at 08:26:43PM +0100, Axel Thimm wrote:
> On Thu, Mar 22, 2007 at 11:28:10AM +1100, Graham Dumpleton wrote:
> > BTW, it would help if you just sent the bits of the configuration you
> > are using.
> 
> OK, see below.
> 
> > That Trac ticket shows using file based basic authentication, but
> > your posts on Trac users group show you trying to use LDAP backed
> > basic authentication. Have you tried it with file based basic
> > authentication instead of LDAP to eliminate that LDAP isn't the
> > problem, especially since you are setting:
> 
> Yes, see below for a tidy example.
> 
> > On 22/03/07, Graham Dumpleton <graham.dumpleton at gmail.com> wrote:
> > >Do you have any Alias, ScriptAlias or Location directives (normal or
> > >match type) defined outside of the VirtualHost containers?
> > >Do you have any other Auth type or mod_python directives outside of
> > >the VirtualHost container?
> 
> No, everything is contained in VirtualHosts.
> 
> 
> Here is the config (hostname masked away):
> 
> <VirtualHost XXX.XXX.XXX:80>
>   ServerName XXX.XXX.XXX
> 
>   DocumentRoot /ext/test/empty
> 
>   <Location "/">
>     Order allow,deny
>     Allow from all
>   </Location>
> 
>   <Location "/">
>     SetHandler mod_python
>     PythonPath "sys.path+['/opt/TWWfsw/trac010/lib/python242']"
>     PythonHandler trac.web.modpython_frontend
>     PythonOption TracEnv /ext/test/trac
>     PythonOption TracUriRoot /
>   </Location>
> 

The weird thing is that if I use another SetHandler like none or
server-status in the /login section below it is ignored as well. How
can SetHandler mod_python survive into the next Location section if
explicitly passed to another handler?

And if I start commenting lines in the section "/" above it starts
working the moment I turn off trac (but still keep SetHandler
mod_python).

I don't understand how the Location sections get mixed up like they
do. Doesn't this sound like an apache bug?

>   <Location /login>
>     AuthType Basic
>     AuthName "MyCompany Trac Server"
>     AuthUserFile /ext/test/.htpasswd
>     Require valid-user
>   </Location>
> 
>   ErrorLog \
>     /var/opt/TWWfsw/httpd222/log/XXX.XXX.XXX/error
>   CustomLog \
>     /var/opt/TWWfsw/httpd222/log/XXX.XXX.XXX/access common
> </VirtualHost>
> 
> 
> > >On 22/03/07, Axel Thimm <Axel.Thimm at atrpms.net> wrote:
> > >> Hi,
> > >>
> > >> On Thu, Mar 22, 2007 at 08:38:21AM +1100, Graham Dumpleton wrote:
> > >> > On 22/03/07, Axel Thimm <Axel.Thimm at atrpms.net> wrote:
> > >> > >Hi,
> > >> > >
> > >> > >I'm fighting against a strange issue with a setup that involves having
> > >> > >mod_python on Location "/" and authenticating only on certain URLs
> > >> > >like /login. This is for example the typical setup for a trac
> > >> > >dedicated site, see
> > >> > >
> > >> > >http://trac.edgewall.org/ticket/3821
> > >> > >
> > >> > >for the background. It doesn't happen if mod_python/trac is hooked on
> > >> > >"/trac" and the authentication on "/trac/login".
> > >> > >
> > >> > >The combinations that are known to exhibit or not this error are
> > >> > >
> > >> > >httpd modpython trac     works
> > >> > >2.2.3 3.6.20    0.10     no
> > >> > >2.2.2 3.3.1     0.10.3   no
> > >> > >2.2.3 3.2.8     0.10.3.1 yes
> > >> > >2.2.2 3.2.10    0.10.3   no
> > >> > >
> > >> > >Any ideas what's going wrong or how I could debug this further?
> > >> >
> > >> > I'm not surprised it doesn't work with mod_python 3.6.20 as no such
> > >> > version exists.
> > >> >
> > >> > Have you tried setting your DocumentRoot to somewhere outside of your
> > >> > Trac instance. I'd suggest doing that what would be a bad idea to
> > >> > start with as the presence of directories/files in there can sometimes
> > >> > interfere with Apache's matching algorithms for locations. Set it
> > >> > instead to some empty directory elsewhere if you aren't going to serve
> > >> > any static files out of document root.
> > >>
> > >> Yes, that's how the setup already was. It was pointing to a folder
> > >> with only favicon.ico inside.
> > >>
> > >> > Also, have you tried changing the order of the two Location
> > >> > directives, ie., those for '/' and '/login' so the later is actually
> > >> > first. It shouldn't in practice matter, but some Apache configuration
> > >> > entries are order dependent.
> > >>
> > >> Yes, I tried that, I even replicated the /login section before and
> > >> after the / section. The only way I can get it to work is to move the
> > >> trac instance further into the URL space, e.g. /trac and /trac/login
> > >> instead of / and /login.
> > >>
> > >>
> > >
> > _______________________________________________
> > Mod_python mailing list
> > Mod_python at modpython.org
> > http://mailman.modpython.org/mailman/listinfo/mod_python
> 



> _______________________________________________
> Mod_python mailing list
> Mod_python at modpython.org
> http://mailman.modpython.org/mailman/listinfo/mod_python


-- 
Axel.Thimm at ATrpms.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://mm_cfg_has_not_been_edited_to_set_host_domains/pipermail/mod_python/attachments/20070323/2b3d8ba2/attachment.bin


More information about the Mod_python mailing list