Mitesh Shah
mshah at harpercollege.edu
Mon Feb 9 23:27:52 EST 2009
The AuthType/AuthName are in the .htaccess file inside /var/www/html/gapps where the html is served: ****.htaccess**** AuthName "AD Authorize Me!" AuthType Basic ... ****.htaccess**** If I put an .htaccess file in the /var/www/cgi-bin dir the user will get asked for authentication a second time which I don't want. Am I doing something wrong with this setup? ****http.conf for cgi-bin**** <Directory "/var/www/cgi-bin"> AllowOverride AuthConfig Options None Order allow,deny Allow from all </Directory> ****http.conf for cgi-bin**** -----Original Message----- From: Graham Dumpleton [mailto:graham.dumpleton at gmail.com] Sent: Monday, February 09, 2009 10:18 PM To: Mitesh Shah Cc: mod_python at modpython.org Subject: Re: [mod_python] req.user always returns None 2009/2/10 Mitesh Shah <mshah at harpercollege.edu>: >>What is the original Apache configuration block you are using for >>authentication and where is the CGI script located? > > Here is the conf block for the html directory (authentication dir): > > ****http.conf**** > <Directory "/var/www/html"> > Options Indexes FollowSymLinks > AllowOverride AuthConfig > Order allow,deny > Allow from all > </Directory> > ****http.conf**** > > Now the actual .htaccess and html files are in /var/www/html/gapps. > > My python CGI is in /var/www/cgi-bin. But where was AuthType/AuthName etc when trying to use CGI scripts? If that wasn't defined such that it covered directory/location CGI script access from/as, then authentication wouldn't have been applied for CGI script. Graham > -----Original Message----- > From: Graham Dumpleton [mailto:graham.dumpleton at gmail.com] > Sent: Monday, February 09, 2009 9:52 PM > To: Mitesh Shah > Cc: mod_python at modpython.org > Subject: Re: [mod_python] req.user always returns None > > 2009/2/10 Mitesh Shah <mshah at harpercollege.edu>: >> Sorry for the confusion. Well it was initially a CGI and then I > learned >> about mod_python. Right now I haven't made any changes to the CGI > until >> I learn how mod_python works. And all I need is the username and not >> the full name. When I tried -- os.environ["REMOTE_USER"] -- it never >> returned anything. I think I'm just having a hard time understanding >> the logistics of mod_python. > > If you are using os.environ["REMOTE_USER"] inside mod_python handler > it will not work. Only relevant to CGI scripts. Just making sure we > are talking about same thing here. > >> I call an html and ask for authentication, this should set the cgi >> variable but since my python CGI is calling python (#!/usr/bin/python) >> separately, I don't think it can access the username from the initial >> authentication. > > If you mean that the first line of your CGI script has that line, then > that is normal and how UNIX knows what interpreter to run for the > contents of the script. > > If REMOTE_USER environment variable is not set for CGI script, then AD > authentication handler is either not setting 'user' correctly, or the > CGI script isn't located in the same Directory/Location context for > which the authentication was enabled. > > What is the original Apache configuration block you are using for > authentication and where is the CGI script located? > > Graham > >> Which brought me mod_python. Every example I see they change Apache's >> httpd.conf to point to the python script. And then this calls >> req.get_basic_auth_pw() and req.user and I am able to see the > username. >> Basically I want the user to authenticate and be presented the html > form >> and then post to my CGI(or soon mod_python) and then the python script >> would then grab the username via req.user. >> >> Thanks for you help so far. >> >> -Mitesh >> >> -----Original Message----- >> From: Graham Dumpleton [mailto:graham.dumpleton at gmail.com] >> Sent: Monday, February 09, 2009 7:21 PM >> To: Mitesh Shah >> Cc: mod_python at modpython.org >> Subject: Re: [mod_python] req.user always returns None >> >> 2009/2/10 Mitesh Shah <mshah at harpercollege.edu>: >>> I will take a look at mod_wsgi. Anyway, looking at the initial post > I >>> realized that pw = req.get_basic_auth_pw() came AFTER req.user. I >> don't >>> know how many times I had read that this was incorrect and STILL did >>> it!! Anyway, I got it to work with that change. But this was all >> just >>> for testing. But now I realized that I may not be able to use this >> with >>> what I want to accomplish. >>> >>> 1) Use apache Authorization via .htaccess (which connects to Active >>> Directory) -- Working >>> 2) After the user is authenticated I have a form (html) with two >> fields >>> that posts to a python script. -- partially working (cannot log >>> username) >> >> When you say script, what is it implemented as, CGI or mod_python? >> >> If CGI, then user should be available as REMOTE_USER environment >> variable. If mod_python then as req.user. >> >> If these don't work then the AD module you are using for >> authentication is broken in not setting 'user' in Apache request >> structure properly. >> >>> The reason I looked into mod_python was that I am trying to pass the >>> user's name from the initial login to my python script. Any ideas on >>> how I could do this? >> >> Or are you after full name of user rather than a log in ID? >> >> Can you clarify a bit. >> >> Graham >> >>> Thanks, >>> Mitesh >>> >>> -----Original Message----- >>> From: Graham Dumpleton [mailto:graham.dumpleton at gmail.com] >>> Sent: Monday, February 09, 2009 5:35 PM >>> To: Mitesh Shah >>> Cc: mod_python at modpython.org >>> Subject: Re: [mod_python] req.user always returns None >>> >>> It is the authentication handlers responsibility, directly or >>> indirectly, to set req.user, it will not be set before the >>> authentication handler is called. Setting it is one of the things > that >>> a correctly implement authentication handler should do. >>> >>> For the way you are doing things, req.user will only be set after: >>> >>> pw = req.get_basic_auth_pw() >>> >>> is called. Ie., done as a side effect of that call. >>> >>> BTW, if you are new to mod_python, you might want to consider instead >>> using mod_wsgi, writing your application code as a WSGI application >>> and using mod_wsgi's much simpler to understand authentication >>> provider hooks where everything is done for you except for validating >>> the user credentials. For the latter see: >>> >>> http://code.google.com/p/modwsgi/wiki/AccessControlMechanisms >>> >>> Graham >>> >>> 2009/2/10 Mitesh Shah <mshah at harpercollege.edu>: >>>> I am having some issues trying to req.user to return a username. I >> am >>> very >>>> new to python and mod_python. I happened upon this thread: >>>> >>>> >>>> >>>> http://osdir.com/ml/python.mod_python/2003-10/msg00092.html > regarding >>> a >>>> similar issue. >>>> >>>> >>>> >>>> Anyway, even when I ran the code posted by "David Hancock" in the >> post >>> above >>>> I only got a "None" for the username in the error_log file. I am >>> sending >>>> this in the URL: >>>> >>>> "http://localhost/python/mptest" >>>> >>>> >>>> >>>> Here is the test setup as it applies to me(basically unchanged). >>>> >>>> >>>> >>>> ******mptest.py******* >>>> >>>> from mod_python import apache >>>> >>>> >>>> >>>> def handler(req): >>>> >>>> req.content_type = 'text/plain' >>>> >>>> req.send_http_header() >>>> >>>> req.write("Hello, world!") >>>> >>>> return apache.OK >>>> >>>> >>>> >>>> def authenhandler(req): >>>> >>>> user = req.user >>>> >>>> pw = req.get_basic_auth_pw() >>>> >>>> req.log_error(str(user) + ' ' + str(pw)) >>>> >>>> if user == "fred" and pw == "secret": >>>> >>>> return apache.OK >>>> >>>> else: >>>> >>>> return apache.HTTP_UNAUTHORIZED >>>> >>>> *******mptest.py****** >>>> >>>> >>>> >>>> *******httpd.conf****** >>>> >>>> <Directory "/var/www/html/python"> >>>> >>>> AddHandler python-program .py >>>> >>>> PythonHandler mptest >>>> >>>> PythonAuthenHandler mptest >>>> >>>> AuthType Basic >>>> >>>> AuthName "mod_python restricted area" >>>> >>>> require valid-user >>>> >>>> PythonDebug On >>>> >>>> </Directory> >>>> >>>> ******httpd.conf******* >>>> >>>> >>>> >>>> *******error_log******* >>>> >>>> [Mon Feb 09 17:10:04 2009] [error] [client 127.0.0.1] None secret >>>> >>>> *******error_log******* >>>> >>>> >>>> >>>> After attempting to login I get a 401 page and then I am asked to >>> login >>>> again. >>>> >>>> >>>> >>>> Any help would be greatly appreciated! >>>> >>>> >>>> >>>> Thank you, >>>> >>>> Mitesh >>>> >>>> >>>> >>>> _______________________________________________ >>>> Mod_python mailing list >>>> Mod_python at modpython.org >>>> http://mailman.modpython.org/mailman/listinfo/mod_python >>>> >>>> >>> >> >
|