[mod_python] just authenhandler SOLVED

John Calixto John.Calixto at watchguard.com
Tue May 6 15:36:15 EDT 2008

> > This works for me:
> > 
> >         <Location /pyauthtest >
> >                 AuthType                Py
> >                 Options                 Indexes ExecCGI
> >                 PythonAuthenHandler     pyauthhandler
> >                 PythonDebug             On
> >                 PythonOption            Groups Foo,Bar,Baz
> >                 PythonOption            ServerRoot  
> /var/www/instance
> >                 require                 valid-user
> >         </Location>
> > 
> Thanks Ari.
> Do you also have a <Directory> stanza in your apache config?  
> Or are you doing some magic with the ServerRoot value to 
> effectively build up an index yourself?
> John

OK, I found something that works for me.  Ari's configuration prompted
me to try removing the SetHandler directive.  By using just the
PythonAuthenHandler and PythonAuthzHandler directives, I got the desired
effect.  It makes sense - I just didn't understand how Set/AddHandler
interacted with the rest of mod_python.

Here's my final, working configuration:

<VirtualHost *>
	ServerAdmin webmaster at localhost
	DocumentRoot /var/www/
	<Directory />
		Options FollowSymLinks
		AllowOverride None
	<Directory /var/www/>
		Options Indexes FollowSymLinks MultiViews
		AllowOverride None
		Order allow,deny
		allow from all

            # Notice no SetHandler directive!
		AuthType customauth
		PythonAuthenHandler apacheauth
		PythonAuthzHandler apacheauth
		PythonPath "sys.path+['/home/user/customauth']"
		PythonDebug On
		Require customauth::valid-user

	ErrorLog /var/log/apache2/error.log
	LogLevel debug

	CustomLog /var/log/apache2/access.log combined
	ServerSignature On



from mod_python import apache
import authenticators
import base64

AUTHTYPE = 'customauth'
AUTHNAME = 'Custom Auth'
authen = authenticators.authen_shadow

def authenhandler(req):
    req.ap_auth_type = AUTHTYPE
    auth_header = req.headers_in.get('Authorization')
    if auth_header:
        decoded = base64.b64decode(auth_header.split()[-1])
        username, password = decoded.split(':')
        if authen(username, password):
            req.log_error("authenticated!", apache.APLOG_DEBUG)
            req.user = username
            return apache.OK
    req.log_error("not authenticated!", apache.APLOG_DEBUG)
    req.err_headers_out['WWW-Authenticate'] = 'Basic realm="%s"' %
    return apache.HTTP_UNAUTHORIZED

def authzhandler(req):
    if req.user:
        # do any extra checking against groups, requires, etc.
        req.log_error("authorized user %s" % req.user,
        return apache.OK
    return apache.HTTP_UNAUTHORIZED


Maybe I missed it in the documentation, but it would be really nice to
have something stating the interaction between AddHandler/SetHandler,
and mod_python.

Thanks for reading,


More information about the Mod_python mailing list