[mod_python] mod_python on / and authentication on /login (using trac)

Axel Thimm Axel.Thimm at ATrpms.net
Thu Mar 22 14:26:43 EST 2007


On Thu, Mar 22, 2007 at 11:28:10AM +1100, Graham Dumpleton wrote:
> BTW, it would help if you just sent the bits of the configuration you
> are using.

OK, see below.

> That Trac ticket shows using file based basic authentication, but
> your posts on Trac users group show you trying to use LDAP backed
> basic authentication. Have you tried it with file based basic
> authentication instead of LDAP to eliminate that LDAP isn't the
> problem, especially since you are setting:

Yes, see below for a tidy example.

> On 22/03/07, Graham Dumpleton <graham.dumpleton at gmail.com> wrote:
> >Do you have any Alias, ScriptAlias or Location directives (normal or
> >match type) defined outside of the VirtualHost containers?
> >Do you have any other Auth type or mod_python directives outside of
> >the VirtualHost container?

No, everything is contained in VirtualHosts.


Here is the config (hostname masked away):

<VirtualHost XXX.XXX.XXX:80>
  ServerName XXX.XXX.XXX

  DocumentRoot /ext/test/empty

  <Location "/">
    Order allow,deny
    Allow from all
  </Location>

  <Location "/">
    SetHandler mod_python
    PythonPath "sys.path+['/opt/TWWfsw/trac010/lib/python242']"
    PythonHandler trac.web.modpython_frontend
    PythonOption TracEnv /ext/test/trac
    PythonOption TracUriRoot /
  </Location>

  <Location /login>
    AuthType Basic
    AuthName "MyCompany Trac Server"
    AuthUserFile /ext/test/.htpasswd
    Require valid-user
  </Location>

  ErrorLog \
    /var/opt/TWWfsw/httpd222/log/XXX.XXX.XXX/error
  CustomLog \
    /var/opt/TWWfsw/httpd222/log/XXX.XXX.XXX/access common
</VirtualHost>


> >On 22/03/07, Axel Thimm <Axel.Thimm at atrpms.net> wrote:
> >> Hi,
> >>
> >> On Thu, Mar 22, 2007 at 08:38:21AM +1100, Graham Dumpleton wrote:
> >> > On 22/03/07, Axel Thimm <Axel.Thimm at atrpms.net> wrote:
> >> > >Hi,
> >> > >
> >> > >I'm fighting against a strange issue with a setup that involves having
> >> > >mod_python on Location "/" and authenticating only on certain URLs
> >> > >like /login. This is for example the typical setup for a trac
> >> > >dedicated site, see
> >> > >
> >> > >http://trac.edgewall.org/ticket/3821
> >> > >
> >> > >for the background. It doesn't happen if mod_python/trac is hooked on
> >> > >"/trac" and the authentication on "/trac/login".
> >> > >
> >> > >The combinations that are known to exhibit or not this error are
> >> > >
> >> > >httpd modpython trac     works
> >> > >2.2.3 3.6.20    0.10     no
> >> > >2.2.2 3.3.1     0.10.3   no
> >> > >2.2.3 3.2.8     0.10.3.1 yes
> >> > >2.2.2 3.2.10    0.10.3   no
> >> > >
> >> > >Any ideas what's going wrong or how I could debug this further?
> >> >
> >> > I'm not surprised it doesn't work with mod_python 3.6.20 as no such
> >> > version exists.
> >> >
> >> > Have you tried setting your DocumentRoot to somewhere outside of your
> >> > Trac instance. I'd suggest doing that what would be a bad idea to
> >> > start with as the presence of directories/files in there can sometimes
> >> > interfere with Apache's matching algorithms for locations. Set it
> >> > instead to some empty directory elsewhere if you aren't going to serve
> >> > any static files out of document root.
> >>
> >> Yes, that's how the setup already was. It was pointing to a folder
> >> with only favicon.ico inside.
> >>
> >> > Also, have you tried changing the order of the two Location
> >> > directives, ie., those for '/' and '/login' so the later is actually
> >> > first. It shouldn't in practice matter, but some Apache configuration
> >> > entries are order dependent.
> >>
> >> Yes, I tried that, I even replicated the /login section before and
> >> after the / section. The only way I can get it to work is to move the
> >> trac instance further into the URL space, e.g. /trac and /trac/login
> >> instead of / and /login.
> >>
> >>
> >
> _______________________________________________
> Mod_python mailing list
> Mod_python at modpython.org
> http://mailman.modpython.org/mailman/listinfo/mod_python

-- 
Axel.Thimm at ATrpms.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://mm_cfg_has_not_been_edited_to_set_host_domains/pipermail/mod_python/attachments/20070322/46eff9f0/attachment.bin


More information about the Mod_python mailing list