|
Mitesh Shah
mshah at harpercollege.edu
Mon Feb 9 23:27:52 EST 2009
The AuthType/AuthName are in the .htaccess file inside
/var/www/html/gapps where the html is served:
****.htaccess****
AuthName "AD Authorize Me!"
AuthType Basic
...
****.htaccess****
If I put an .htaccess file in the /var/www/cgi-bin dir the user will get
asked for authentication a second time which I don't want. Am I doing
something wrong with this setup?
****http.conf for cgi-bin****
<Directory "/var/www/cgi-bin">
AllowOverride AuthConfig
Options None
Order allow,deny
Allow from all
</Directory>
****http.conf for cgi-bin****
-----Original Message-----
From: Graham Dumpleton [mailto:graham.dumpleton at gmail.com]
Sent: Monday, February 09, 2009 10:18 PM
To: Mitesh Shah
Cc: mod_python at modpython.org
Subject: Re: [mod_python] req.user always returns None
2009/2/10 Mitesh Shah <mshah at harpercollege.edu>:
>>What is the original Apache configuration block you are using for
>>authentication and where is the CGI script located?
>
> Here is the conf block for the html directory (authentication dir):
>
> ****http.conf****
> <Directory "/var/www/html">
> Options Indexes FollowSymLinks
> AllowOverride AuthConfig
> Order allow,deny
> Allow from all
> </Directory>
> ****http.conf****
>
> Now the actual .htaccess and html files are in /var/www/html/gapps.
>
> My python CGI is in /var/www/cgi-bin.
But where was AuthType/AuthName etc when trying to use CGI scripts?
If that wasn't defined such that it covered directory/location CGI
script access from/as, then authentication wouldn't have been applied
for CGI script.
Graham
> -----Original Message-----
> From: Graham Dumpleton [mailto:graham.dumpleton at gmail.com]
> Sent: Monday, February 09, 2009 9:52 PM
> To: Mitesh Shah
> Cc: mod_python at modpython.org
> Subject: Re: [mod_python] req.user always returns None
>
> 2009/2/10 Mitesh Shah <mshah at harpercollege.edu>:
>> Sorry for the confusion. Well it was initially a CGI and then I
> learned
>> about mod_python. Right now I haven't made any changes to the CGI
> until
>> I learn how mod_python works. And all I need is the username and not
>> the full name. When I tried -- os.environ["REMOTE_USER"] -- it never
>> returned anything. I think I'm just having a hard time understanding
>> the logistics of mod_python.
>
> If you are using os.environ["REMOTE_USER"] inside mod_python handler
> it will not work. Only relevant to CGI scripts. Just making sure we
> are talking about same thing here.
>
>> I call an html and ask for authentication, this should set the cgi
>> variable but since my python CGI is calling python
(#!/usr/bin/python)
>> separately, I don't think it can access the username from the initial
>> authentication.
>
> If you mean that the first line of your CGI script has that line, then
> that is normal and how UNIX knows what interpreter to run for the
> contents of the script.
>
> If REMOTE_USER environment variable is not set for CGI script, then AD
> authentication handler is either not setting 'user' correctly, or the
> CGI script isn't located in the same Directory/Location context for
> which the authentication was enabled.
>
> What is the original Apache configuration block you are using for
> authentication and where is the CGI script located?
>
> Graham
>
>> Which brought me mod_python. Every example I see they change
Apache's
>> httpd.conf to point to the python script. And then this calls
>> req.get_basic_auth_pw() and req.user and I am able to see the
> username.
>> Basically I want the user to authenticate and be presented the html
> form
>> and then post to my CGI(or soon mod_python) and then the python
script
>> would then grab the username via req.user.
>>
>> Thanks for you help so far.
>>
>> -Mitesh
>>
>> -----Original Message-----
>> From: Graham Dumpleton [mailto:graham.dumpleton at gmail.com]
>> Sent: Monday, February 09, 2009 7:21 PM
>> To: Mitesh Shah
>> Cc: mod_python at modpython.org
>> Subject: Re: [mod_python] req.user always returns None
>>
>> 2009/2/10 Mitesh Shah <mshah at harpercollege.edu>:
>>> I will take a look at mod_wsgi. Anyway, looking at the initial post
> I
>>> realized that pw = req.get_basic_auth_pw() came AFTER req.user. I
>> don't
>>> know how many times I had read that this was incorrect and STILL did
>>> it!! Anyway, I got it to work with that change. But this was all
>> just
>>> for testing. But now I realized that I may not be able to use this
>> with
>>> what I want to accomplish.
>>>
>>> 1) Use apache Authorization via .htaccess (which connects to Active
>>> Directory) -- Working
>>> 2) After the user is authenticated I have a form (html) with two
>> fields
>>> that posts to a python script. -- partially working (cannot log
>>> username)
>>
>> When you say script, what is it implemented as, CGI or mod_python?
>>
>> If CGI, then user should be available as REMOTE_USER environment
>> variable. If mod_python then as req.user.
>>
>> If these don't work then the AD module you are using for
>> authentication is broken in not setting 'user' in Apache request
>> structure properly.
>>
>>> The reason I looked into mod_python was that I am trying to pass the
>>> user's name from the initial login to my python script. Any ideas
on
>>> how I could do this?
>>
>> Or are you after full name of user rather than a log in ID?
>>
>> Can you clarify a bit.
>>
>> Graham
>>
>>> Thanks,
>>> Mitesh
>>>
>>> -----Original Message-----
>>> From: Graham Dumpleton [mailto:graham.dumpleton at gmail.com]
>>> Sent: Monday, February 09, 2009 5:35 PM
>>> To: Mitesh Shah
>>> Cc: mod_python at modpython.org
>>> Subject: Re: [mod_python] req.user always returns None
>>>
>>> It is the authentication handlers responsibility, directly or
>>> indirectly, to set req.user, it will not be set before the
>>> authentication handler is called. Setting it is one of the things
> that
>>> a correctly implement authentication handler should do.
>>>
>>> For the way you are doing things, req.user will only be set after:
>>>
>>> pw = req.get_basic_auth_pw()
>>>
>>> is called. Ie., done as a side effect of that call.
>>>
>>> BTW, if you are new to mod_python, you might want to consider
instead
>>> using mod_wsgi, writing your application code as a WSGI application
>>> and using mod_wsgi's much simpler to understand authentication
>>> provider hooks where everything is done for you except for
validating
>>> the user credentials. For the latter see:
>>>
>>> http://code.google.com/p/modwsgi/wiki/AccessControlMechanisms
>>>
>>> Graham
>>>
>>> 2009/2/10 Mitesh Shah <mshah at harpercollege.edu>:
>>>> I am having some issues trying to req.user to return a username. I
>> am
>>> very
>>>> new to python and mod_python. I happened upon this thread:
>>>>
>>>>
>>>>
>>>> http://osdir.com/ml/python.mod_python/2003-10/msg00092.html
> regarding
>>> a
>>>> similar issue.
>>>>
>>>>
>>>>
>>>> Anyway, even when I ran the code posted by "David Hancock" in the
>> post
>>> above
>>>> I only got a "None" for the username in the error_log file. I am
>>> sending
>>>> this in the URL:
>>>>
>>>> "http://localhost/python/mptest"
>>>>
>>>>
>>>>
>>>> Here is the test setup as it applies to me(basically unchanged).
>>>>
>>>>
>>>>
>>>> ******mptest.py*******
>>>>
>>>> from mod_python import apache
>>>>
>>>>
>>>>
>>>> def handler(req):
>>>>
>>>> req.content_type = 'text/plain'
>>>>
>>>> req.send_http_header()
>>>>
>>>> req.write("Hello, world!")
>>>>
>>>> return apache.OK
>>>>
>>>>
>>>>
>>>> def authenhandler(req):
>>>>
>>>> user = req.user
>>>>
>>>> pw = req.get_basic_auth_pw()
>>>>
>>>> req.log_error(str(user) + ' ' + str(pw))
>>>>
>>>> if user == "fred" and pw == "secret":
>>>>
>>>> return apache.OK
>>>>
>>>> else:
>>>>
>>>> return apache.HTTP_UNAUTHORIZED
>>>>
>>>> *******mptest.py******
>>>>
>>>>
>>>>
>>>> *******httpd.conf******
>>>>
>>>> <Directory "/var/www/html/python">
>>>>
>>>> AddHandler python-program .py
>>>>
>>>> PythonHandler mptest
>>>>
>>>> PythonAuthenHandler mptest
>>>>
>>>> AuthType Basic
>>>>
>>>> AuthName "mod_python restricted area"
>>>>
>>>> require valid-user
>>>>
>>>> PythonDebug On
>>>>
>>>> </Directory>
>>>>
>>>> ******httpd.conf*******
>>>>
>>>>
>>>>
>>>> *******error_log*******
>>>>
>>>> [Mon Feb 09 17:10:04 2009] [error] [client 127.0.0.1] None secret
>>>>
>>>> *******error_log*******
>>>>
>>>>
>>>>
>>>> After attempting to login I get a 401 page and then I am asked to
>>> login
>>>> again.
>>>>
>>>>
>>>>
>>>> Any help would be greatly appreciated!
>>>>
>>>>
>>>>
>>>> Thank you,
>>>>
>>>> Mitesh
>>>>
>>>>
>>>>
>>>> _______________________________________________
>>>> Mod_python mailing list
>>>> Mod_python at modpython.org
>>>> http://mailman.modpython.org/mailman/listinfo/mod_python
>>>>
>>>>
>>>
>>
>
|