|
Jim Gallacher
jpg at jgassociates.ca
Sat Apr 22 15:22:36 EDT 2006
Graham Dumpleton wrote: > Add to config: > > AuthAuthoritative Off That doesn't really make sense to me. Nothing like this is mentioned for other auth modules like mod_auth_ldap. > Require dummy > > The value to Require cannot be: > > valid-user > user ??? > group ??? > > it has to be something of your own creation that your authz handler then > interprets. > > I am noting that authzhandler() can't return DECLINED, but must be OK, > or presumable HTTP_UNAUTHORIZED. Returning DECLINED results in 500 > error and: > > [Fri Apr 21 12:10:43 2006] [crit] [client ::1] configuration error: couldn't check access. No groups file?: /~grahamd/authz/index.py > I've worn my fingers to bloody stumps trying every directive that seems even vaguely related to authentication or authorization and I just can't get my authzhandler to fire. Well, screw it, I thought. I'll just use a stacked handler: PythonAuthenHandler mprest.auth mprest.auth::authzhandler This works just fine, although I'd prefer to use PythonAuthzHandler as it makes the intention clearer, but I've wasted enough time on this already. So I'm working away, watching the "new module loader" thread float by on the the mailing list and I say to myself, "Gee, I really should turn on the new importer to give it a bit of a workout". I turn it on, and give my authen/authz login function a whirl... and... Aaaaahhhhhrrrrggggg..... It sails right past the second handler in the stack - mprest.auth::authzhanlder is ignored. Putting them in separate directives makes no difference: PythonAuthenHandler mprest.auth PythonAuthenHandler mprest.auth::authzhandler No joy. (And of course PythonAuthzHandler is a lost cause for me). I've decided that there is some powerful supernatural force that does not want me to do authorization testing. I think discussion of this should be shifted to the python-dev list as importer.py is only in the development branch at this time. Jim
|