[mod_python] just authenhandler

John Calixto John.Calixto at watchguard.com
Tue May 6 14:01:22 EDT 2008

Hi folks,

I'm trying to write an Apache handler just for authentication.  I have a
Python module that basically aggregates several user databases and
checks a username+password against the superset of users.

I can't seem to get any of the standard content handlers to process
things normally post-authentication.  Is there some example of an
authentication-only setup?  I'm interested in both the mod_python
handler implementation and the apache configuration.

With my current configuration, my Apache log shows:

... [error] [client] Attempt to serve directory:

If I disable my mod_python configuration from the <Directory /var/www/>
stanza, then mod_dir and/or mod_autoindex act normally.

Here's what I have now:

NameVirtualHost *
<VirtualHost *>
	ServerAdmin webmaster at localhost
	DocumentRoot /var/www/
	<Directory />
		Options FollowSymLinks
		AllowOverride None
	<Directory /var/www/>
		Options Indexes FollowSymLinks MultiViews
		AllowOverride None
		Order allow,deny
		allow from all
		SetHandler mod_python
		PythonHandlerModule apacheauth
		PythonPath "sys.path+['/home/user/customauth']"
		PythonDebug On
		AuthType apacheauth
		Require customauth::valid-user

	ErrorLog /var/log/apache2/error.log
	LogLevel debug
	CustomLog /var/log/apache2/access.log combined
	ServerSignature On



from mod_python import apache
import authenticators
import base64

AUTHTYPE = 'apacheauth'
AUTHNAME = 'filez'
authen = authenticators.authen_shadow

def authenhandler(req):
    req.ap_auth_type = AUTHTYPE
    auth_header = req.headers_in.get('Authorization')
    req.log_error("auth_header [%s]" % auth_header, apache.APLOG_DEBUG)
    if auth_header:
        decoded = base64.b64decode(auth_header.split()[-1])
        username, password = decoded.split(':')
        if authen(username, password):
            req.log_error("authenticated!", apache.APLOG_DEBUG)
            req.user = username
            return apache.OK
    req.log_error("not authenticated!", apache.APLOG_DEBUG)
    req.err_headers_out['WWW-Authenticate'] = 'Basic realm="%s"' %
    return apache.HTTP_UNAUTHORIZED

def authzhandler(req):
    if req.user:
        req.log_error("authz handler user %s" % req.user,
        return apache.OK
    return apache.HTTP_UNAUTHORIZED


Any pointers would be greatly appreciated.



More information about the Mod_python mailing list