[mod_python] problem w/ authen handler

Graham Dumpleton grahamd at dscpl.com.au
Thu May 19 18:52:10 EDT 2005

On 20/05/2005, at 12:27 AM, Bud P. Bruegger wrote:

> I'm a beginner and hope someone can straighten me out.
> I am trying to write a simple handler that clicks in after mod-ssl has 
> requested a certificate from the client.  Depending on the type of 
> client token (European eID cards), I'd like the handler to look at the 
> client's subject DN derive (by string manipulation or by lookup) a 
> nationally unique ID for the card holder.
> Sounds simple enough--but I can't get it to work.  I tried both, the 
> authen and the authz handlers.  But neither from mod-ssl's 
> +fakeBasicAuth nor from the handlers req.user = 'xxx' do I get a 
> REMOTE_USER env variable set.  Also the test evironment variable that 
> I try to set in the authen/authz handler doesn't have effect.

Normally the authenhandler will only be called if the Apache 
configuration has
something like:

   AuthType Basic
   AuthName "Restricted Files"
   AuthUserFile /Users/grahamd/Sites/auth/pwdb

Ie., it is triggered of the presence of these special Auth options. 
the authzhandler only get called if other appropriate options for it are
defined. Your SSL stuff doesn't seem to fit under that model and so the
handlers may simply not be getting called.

> Does this possibly mean that the authen/authz handlers are not called 
> at all in my configuration?  Should I use a different handler and 
> which?  Or did I simply mess up something else?

Try adding a req.log_error() call in the handlers to see if they get 
called or not.
Message will be in the Apache error log file.

Does your code work if you move what you have in the authenhandler into 
the start
of your actual handler function? Ie., does the concept at least work?

As a fudge, you could always stick it in the accesshandler, which from 
memory is
always called if defined.


More information about the Mod_python mailing list