[mod_python] [SPAM] PythonAuthenHandler troubles!!!

Graham Dumpleton graham.dumpleton at gmail.com
Fri Sep 5 05:48:18 EDT 2008 

Please keep the discussion on the mailing list.

If Apache doesn't understand AuthAuthoritative then you aren't using
Apache 2.0, but most likely Apache 2.2.

For Apache 2.2 it is AuthBasicAuthoritative.

This suggests your configuration may be wrong in other ways as Apache
2.2 auth configuration is a bit different due to the addition of auth
provider mechanism in 2.2

BTW, the authenhandler() is technically wrong for a lot of reasons and
yes I know that means the mod_python documentation is broken. It may
work, but only because mod_python does some hacks it shouldn't to
catch lazy programmers. :-)

I'd really suggest you use auth mechanism in mod_wsgi instead as doing
it right in mod_python is a PITA and more work than it needs to be.

Graham

2008/9/5 steve boutabi <sideh101 at hotmail.fr>:
> Thank's Graham
>
> When i remove, ''AddHandler mod_python .odt'' it still don't pass the
> authentification to the PythonAuthenHandler
> and it simply open the document, without asking for login and password.
> And if i add a Require valid-user, it asks for login and password, and then
> Show a 500 error Internal error, complaining that there's no AuthUserFile
> which means that the authentification is still done by apache through the
> user files system.
> A solution maybe A AuthAuthoritative Off directive but appache says he
> doesn't understand it
>
> For information the authentification function contains only :
>
> def authenhandler(req):
>     pw = req.get_basic_auth_pw()
>     user = req.user
>
>     if user == "spam" and pw == "eggs":
>        return apache.OK
>     else:
>        return apache.HTTP_UNAUTHORIZED
>
>
>                                                Steven. Paris
>
>
>> Date: Fri, 5 Sep 2008 08:49:24 +1000
>> From: graham.dumpleton at gmail.com
>> To: sideh101 at hotmail.fr
>> Subject: Re: [mod_python] [SPAM] PythonAuthenHandler troubles!!!
>> CC: mod_python at modpython.org
>>
>> 2008/9/5 steve boutabi <sideh101 at hotmail.fr>:
>> > Hi, i'm working on a project in Python in which i have enable reading
>> > and
>> > modifying documents with OpenOffice through WebDav.
>> > The trouble comes when i try to give the authentification phase to
>> > mod-python, it simply doesn't work
>> >
>> > here is my site.conf:
>> > <Directory "/opt/monsite">
>> > Dav On
>> > AddHandler mod_python .odt
>> > PythonAuthenHandler myscript
>> > PythonDebug On
>> > AuthType Basic
>> > AuthName "Mosaic"
>> > <Limit PUT POST DELETE PROPFIND PROPPATCH MKCOL COPY MOVE LOCK UNLOCK>
>> > Require valid-user
>> > </Limit>
>> > </Directory>
>> >
>> >
>> >
>> > if i try to add an AuthAuthoritative Off directive, Apache don't start
>> > telling me that this command is misspelled or that some module is
>> > missing.
>> > if i try to add a PythonHandler, i must handle everything, thus i loose
>> > WebDav functionality.
>> >
>> > I want only authentification to be handeled by PythonAuthenHandler the
>> > rest
>> > by Apache-WebDAV
>>
>> If you only want authentication to be handled by mod_python, why do you
>> have:
>>
>> AddHandler mod_python .odt
>>
>> That only applies to content handler phase and may confused DAV.
>>
>> Other than that, don't really understand what you are trying to say in
>> 'don't start telling me that this command is misspelled or that some
>> module is missing'. Also doesn't help that you don't supply what is in
>> your authenhandler.
>>
>> FWIW, if all you are using mod_python for is a custom basic auth
>> provider, you may be better off using mod_wsgi instead as its support
>> for auth providers is simpler to use than doing a full authentication
>> handler for mod_python.
>>
>> See:
>>
>> http://code.google.com/p/modwsgi/wiki/AccessControlMechanisms
>>
>> Graham
>
> ________________________________
> Discutez sur Messenger où que vous soyez ! Mettez Messenger sur votre mobile
> !

More information about the Mod_python mailing list