mod-auth-devel Mailing List for mod_auth
Brought to you by:
firechipmunk,
honx
Menu
▾
▴
mod-auth-devel — List for Developers
You can subscribe to this list here.
| 2003 |
Jan
|
Feb
|
Mar
|
Apr
|
May
|
Jun
|
Jul
|
Aug
|
Sep
|
Oct
(9) |
Nov
(11) |
Dec
(2) |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2004 |
Jan
(5) |
Feb
(2) |
Mar
|
Apr
|
May
(1) |
Jun
(2) |
Jul
|
Aug
|
Sep
|
Oct
|
Nov
|
Dec
|
| 2005 |
Jan
|
Feb
|
Mar
|
Apr
|
May
|
Jun
|
Jul
|
Aug
|
Sep
|
Oct
|
Nov
(2) |
Dec
|
|
From: Matthew L D. <md...@sc...> - 2005-11-08 02:18:59
|
> The reason it didn't compile is because it is designed to only work with > httpd 2.1.x, and not 2.0.xx :) I figured as much, but the README said something helpful like "use the source, Luke". Would it be a violation of mod_authn_pop3's design goals to use #ifdefs in order to compile on both versions? I didn't have to make that many changes, so it seems reasonable but may be more trouble than it's worth. Thanks for your response, -- /v\atthew |
|
From: Matthew L D. <md...@sc...> - 2005-11-07 17:42:31
|
You'll forgive me if this is old news, as I just stumbled across the module via Google. It did not compile against my httpd-2.0.54 so I used mod_auth_dbm as an example and hacked upon it until it did compile. The autotools based compilation was completely hosed in my case, but > /usr/sbin/apxs -c mod_authn_pop3.c yieled: > mod_authn_pop3.c:37:22: error: mod_auth.h: No such file or directory > mod_authn_pop3.c: In function 'pop_auth': > mod_authn_pop3.c:158: error: too many arguments to function 'apr_socket_create' > mod_authn_pop3.c: At top level: > mod_authn_pop3.c:230: error: syntax error before 'check_pop3_pw' > mod_authn_pop3.c: In function 'check_pop3_pw': > mod_authn_pop3.c:238: error: 'struct <anonymous>' has no member named 'serverhostname' > mod_authn_pop3.c:238: error: 'struct <anonymous>' has no member named 'port' > mod_authn_pop3.c:245: error: 'AUTH_GRANTED' undeclared (first use in this function) > mod_authn_pop3.c:245: error: (Each undeclared identifier is reported only once > mod_authn_pop3.c:245: error: for each function it appears in.) > mod_authn_pop3.c:249: error: 'AUTH_DENIED' undeclared (first use in this function) > mod_authn_pop3.c: At top level: > mod_authn_pop3.c:253: error: syntax error before 'get_pop3_realm_hash' > mod_authn_pop3.c: In function 'get_pop3_realm_hash': > mod_authn_pop3.c:260: error: 'AUTH_DENIED' undeclared (first use in this function) > mod_authn_pop3.c: At top level: > mod_authn_pop3.c:263: error: syntax error before 'authn_pop3_provider' > mod_authn_pop3.c:264: warning: initialization makes integer from pointer without a cast > mod_authn_pop3.c:264: error: initializer element is not computable at load time > mod_authn_pop3.c:264: error: (near initialization for 'authn_pop3_provider') > mod_authn_pop3.c:266: warning: excess elements in scalar initializer > mod_authn_pop3.c:266: warning: (near initialization for 'authn_pop3_provider') > mod_authn_pop3.c:266: warning: data definition has no type or storage class > mod_authn_pop3.c: In function 'register_hooks': > mod_authn_pop3.c:270: error: 'AUTHN_PROVIDER_GROUP' undeclared (first use in this function) > apxs:Error: Command failed with rc=65536 In the spirit of the APL 2.0, I wanted to submit my changes back in case someone else was interested. I release all rights and ownership of this patch. Thanks to the original authors for a great starting point, -- /v\atthew |
|
From: Paul Q. <ch...@fo...> - 2004-06-08 16:20:39
|
On Tue, 2004-06-08 at 07:58 -0700, John L. Poole wrote: > [This was posted to the mod-auth-users list, as well; as a > work-around, I located a file named mod_auth.h through Google and > added it to the ../src directory and then mod_authn_dbi compiled.] > > the ./src/mod.authn.dbi.c references a header file at line 46: > > #include "mod_auth.h" > > which is not included in the package nor was I able to find it in the > installation of apache or apache2 on a Gentoo Linux system. > > Was this header file ommitted, or is there a dependency here? > If the latter, where do I obtain the mod_auth.h file? You are attempting to build mod_authn_dbi against Apache 2.0.X, and not Apache 2.1.0-CVS which is the minimum required version. The CVS -HEAD versions of Apache or the 'development branch', has a new authentication system. Our module is not compatible with any 'released' version of Apache. You must use the 2.1.0 from Apache's CVS to use this module. Thanks for trying it out :) Even if you added the header, the module will not work unless it is being used on Apache 2.1.0. (would need to replace the entire authentication system to make it work on 2.0.XX). -Paul Querna |
|
From: John L. P. <joh...@ed...> - 2004-06-08 14:59:32
|
[This was posted to the mod-auth-users list, as well; as a work-around,
I located a file named mod_auth.h through Google and added it to the
../src directory and then mod_authn_dbi compiled.]
the ./src/mod.authn.dbi.c references a header file at line 46:
#include "mod_auth.h"
which is not included in the package nor was I able to find it in the
installation of apache or apache2 on a Gentoo Linux system.
Was this header file ommitted, or is there a dependency here?
If the latter, where do I obtain the mod_auth.h file?
Thank you,
John Poole
pro...@ed...
|
|
From: <ben...@id...> - 2004-05-25 08:52:49
|
Dear Open Source developer I am doing a research project on "Fun and Software Development" in which I kindly invite you to participate. You will find the online survey under http://fasd.ethz.ch/qsf/. The questionnaire consists of 53 questions and you will need about 15 minutes to complete it. With the FASD project (Fun and Software Development) we want to define the motivational significance of fun when software developers decide to engage in Open Source projects. What is special about our research project is that a similar survey is planned with software developers in commercial firms. This procedure allows the immediate comparison between the involved individuals and the conditions of production of these two development models. Thus we hope to obtain substantial new insights to the phenomenon of Open Source Development. With many thanks for your participation, Benno Luthiger PS: The results of the survey will be published under http://www.isu.unizh.ch/fuehrung/blprojects/FASD/. We have set up the mailing list fa...@we... for this study. Please see http://fasd.ethz.ch/qsf/mailinglist_en.html for registration to this mailing list. _______________________________________________________________________ Benno Luthiger Swiss Federal Institute of Technology Zurich 8092 Zurich Mail: benno.luthiger(at)id.ethz.ch _______________________________________________________________________ |
|
From: Paul Q. <ch...@fo...> - 2004-02-29 13:38:49
|
Ive built and done simple testing of RC1 + my small changes on: - Lunar Linux x86 - (2.4.23) - Debian Unstable x86 - (2.6.4-RC1) - Gentoo Linux SPARC - (2.4.22) - FreeBSD x86 - (5.2-CURRENT)=20 I am +1 on a 0.9.0 Release from the CVS HEAD. Once the release is rolled we need to make the release announcements. Possible Announcement: "The 0.9.0 Release of mod_authn_dbi adds several new SQL query keywords, fixes a crash if the database server is down, removed native SHA1 Support (now supported via APR), fixed several possible security bugs and changes the license to the Apache Software License 2.0. All users are recommended to upgrade." Recommendations welcome :) For 1.0 I am pondering removing all the authn_dbi database pooling code. I would like to move it into mod_dbi_pool. The major problem I see with having it in a separate module is that it increases the barrier to entry -- it requires more work to get started. =20 One possible solution is to include mod_dbi_pool in the mod_authn_dbi releases. This is sort of nasty once mod_dbi_pool is used by other modules, but it would make life easier for end users. The other option is just to ignore the 'ease of setup' factor and do what logically makes sense: moving database pooling to another module.=20 With the pooling in another module, It would be useful for modules like mod_vhost_dbi(on my hard drive - not released yet), mod_ftpd_dbi_provider, and any scripting languages in apache modules that would like to use pooled libdbi connections. Moving database pooling out of authn_dbi would greatly simplify the authn_dbi module, making a re-factor of the code easier. This is the major thing I want done before 1.0. Most of the other goals in the TODO are Testings or Documentation related. Is there any other major code related changes you want before 1.0 Axel? - Paul Querna |
|
From: Axel G. <ag...@pr...> - 2004-02-25 23:03:49
|
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 moin, i did some of the preparations we need to get version 0.9 out. the docs are updated in mod_auth_webspace and mod_authn_dbi and the version is tagged AUTHN_DBI_0_9_0_RC1 now. i also added some more docs to the main webpage and added my pgp-key. tty, axel - -- Axel Grossklaus PRESECURE (R) Security Specialist, Consulting GmbH Phone: (+49) 040 / 8080 77 - 880 ag...@pr... Fax: (+49) 040 / 8080 77 - 877 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.2 (GNU/Linux) iD8DBQFAPSmOHAHtNfez9GYRAubVAJ9Y7TdlLRVgVzrixClJhsb6cI9n+ACgiJ5/ UpcR4gJUd42CypH2z//NAoA= =2q+J -----END PGP SIGNATURE----- |
|
From: Paul Q. <ch...@fo...> - 2004-01-18 02:46:31
|
hmm.. GPG seems to work great in Evolution. |
|
From: Paul Q. <ch...@fo...> - 2004-01-17 19:50:09
|
On Sat, 2004-01-17 at 12:01, Axel Grossklaus wrote: > for this to work, apache would have to change the prototype > from > > authn_status (*check_password)(request_rec *r, const char *user, > const char *password); > > to > > authn_status (*check_password)(request_rec *r, const char **user, > const char *password); > > i wonder if it would be worth asking on apache-devel since the > answer would probably be "no". on the other hand, this still > is a developer version. hmmm.... > > maybe a cleaner way would be to create a mod_map_username.... > I think most on dev@apache will advocate a seperate module, although this might now be possible since it is still 2.1. Another option is an ap_change_username(*r, char* new_username) type function that would be in the core httpd. > > 1.0.0 > > - Testimonials / Who is using it - put it on the website? > > well, that would really be interesting. i google for mod_authn_dbi every > once in a while, but nothing really interesting turns up although it got > mentioned in an article of a german linux magazine. > (http://www.linuxenterprise.de). > > well, people will probably start using it once apache-2.2 is out. Yep, I think more people will once 2.2 is out. Perhaps have a "In the Press and Users" Section on the Website? Cyan Worlds uses mod_authn_dbi in production for URU Clients. I think a few people are using the module in non-public ways aswell. I also use it for my personal subversion repo... but i guess thats not a good example of a 'user' :) > > - Create Patches to use 2.1 Authentication on 2.0.XX Releases? > > that would be a really nice features...but probably also a lot > of work... Yup, I agree, it would take a large ammount of work. I was just thinking of it as an option to allow more people to use it faster. Most likely will be dropped. > > - Test on all supported libdbi databases. > > - Test on 32bit, 64bit, little/big endian machines (might be a > little exterme) > > - Linux x86 > > - FreeBSD 5 x86 [chip] > > - Linux SPARC [chip] > > - AMD64? > > - Linux MIPS [chip] > > - PPC? > > i can test it on solaris/sparc and maybe get someone to test it > on IRIX. Cool. Doing all of these for every release might not be worth it (just about all would be using GCC...), but I would at least like to try them once before 1.0. > > - Create Binary Releases (rpm and deb?) > > * For now perhaps just create /debian/ and RPM .specs files, > > pending a 2.1/2.2 -release of Apache? > > - Get into Package Systems: (post 1.0?) > > * requires httpd 2.1 or 2.2 -release? > > - Debian > > - FreeBSD > > - Gentoo > > - Lunar > > do you know which of these distributions include libdbi? Debian, FreeBSD, Gentoo and Lunar all have libdbi. Redhat 9 includes an old version (at Cyan we built our own updated RPMs), but I think Fedora Core has a newer one. Don't know about SuSe. > > 0.9.0 > > - Include HTML/XML Documentation in Releases? > > - Bigger Files... > > yes, including the docs into the tarball would be useful. > not all the places where this will be used have internet > access as an http-client. > > i think putting a text-version of the doc-website into release tarballs > would be a good idea. Yup, should be a XSLT transformation away. > > > - Use APXS for Makefiles [chip] > > - Remove extra files from CVS (autoconf/make stuff we don't need) > >[chip] I think I will do those two today. > > - Have external people look for security issues (Prep for 1.0) > > - Create "security-issues" contact address (for whole auth project?) > > in general, yes. but what domain would this address be under? > do we want modauth.org? I just might buy that or a simular domain today. I already need to renew force-elite.com > some pgp-key for security related stuff should also be available. > > i will create a ho...@so... pgp-key and publish the keyid > on the website for now. > maybe you could do the same. > > until we have decided this a note on the homepage saying "for security > related issues, contact the develpers directly by email" should be ok. > > > and we should start signing the releases with gpg. > Agree. Should be done for 0.9 > i would also like to have some way to sign the sources as > they go into cvs, although this is probably not going to > be easy to do in a useful way.. > > do you have a pgp key? > I used to (2+ years ago). I haven't used it, and I beleive it might of been completely lost in a format. I will create one for ch...@fo... today. > > - Support mod_dbi_pool [chip?] I need to finish mod_dbi_pool first. This might not be ready untill 1.0. > > - Merge In Cyan changes to Mainline? [chip] > > * These Officaly Might break how the Digest RFC Works... > what do those changes do? Basicly hash the username/password again with two secrets known by the client and server. Prevents any Joe with Internet Explorer from downloading the files. > > - Send Announcements: > > - SourceForge > > - FreshMeat [chip] > > - modules.apache.org [chip] > > - Other? > > > i would also like to change the dbi_result_get_* functions > into dbi_result_bind_*. > I think we could do some good refactoring on the code right now. Not just changing those functions, but some better re-organization. It shows its ... origins as an evil hack to get it working, and not a proper design. > the semantics of dbi_result_get_string are sort of broken. > on error, it returns the string "ERROR" (which is also > not documented), so you have no way to tell an error from > a field containing "ERROR". :( > Yes, this is a very bad part of the libdbi API. I wish they would do it another way, perhaps we should just create a patch todo it for them :) -chip |
|
From: Axel G. <ag...@pr...> - 2004-01-17 19:00:36
|
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
moin,
i spent a few hours working on mod_authn_dbi today,
but it seems the "mangle username" feature will not
be possible without changing apaches authn-interface.
i can change the value of the username string, but i
cannot change the string itself, so the new username could
only be as long as the old one.
for this to work, apache would have to change the prototype
from
authn_status (*check_password)(request_rec *r, const char *user,
const char *password);
to
authn_status (*check_password)(request_rec *r, const char **user,
const char *password);
i wonder if it would be worth asking on apache-devel since the
answer would probably be "no". on the other hand, this still
is a developer version. hmmm....
maybe a cleaner way would be to create a mod_map_username....
well, we'll see...
i had a look through the TODO file and have a few comments:
> 1.0.0
> - Testimonials / Who is using it - put it on the website?
well, that would really be interesting. i google for mod_authn_dbi every
once in a while, but nothing really interesting turns up although it got
mentioned in an article of a german linux magazine.
(http://www.linuxenterprise.de).
well, people will probably start using it once apache-2.2 is out.
> - Some Sort of Official Security Audit
> - Benchmarks?
> - vs File, DBM and No Authentication?
> - High Load Throughput?
> - with mod_authn_cache?
> - Classic MySQL, PgSQL, SQLite.. etc?
> - Create Patches to use 2.1 Authentication on 2.0.XX Releases?
that would be a really nice features...but probably also a lot
of work...
> - Update Documentation (README Specificly needs to be reworked)
i will try to add some documentation into it.
> - Test on all supported libdbi databases.
> - Test on 32bit, 64bit, little/big endian machines (might be a
little exterme)
> - Linux x86
> - FreeBSD 5 x86 [chip]
> - Linux SPARC [chip]
> - AMD64?
> - Linux MIPS [chip]
> - PPC?
i can test it on solaris/sparc and maybe get someone to test it
on IRIX.
> - Create Binary Releases (rpm and deb?)
> * For now perhaps just create /debian/ and RPM .specs files,
> pending a 2.1/2.2 -release of Apache?
> - Get into Package Systems: (post 1.0?)
> * requires httpd 2.1 or 2.2 -release?
> - Debian
> - FreeBSD
> - Gentoo
> - Lunar
do you know which of these distributions include libdbi?
> 0.9.0
> - Include HTML/XML Documentation in Releases?
> - Bigger Files...
yes, including the docs into the tarball would be useful.
not all the places where this will be used have internet
access as an http-client.
i think putting a text-version of the doc-website into release tarballs
would be a good idea.
> - Use APXS for Makefiles [chip]
> - Remove extra files from CVS (autoconf/make stuff we don't need)
>[chip]
> - Have external people look for security issues (Prep for 1.0)
> - Create "security-issues" contact address (for whole auth project?)
in general, yes. but what domain would this address be under?
do we want modauth.org?
some pgp-key for security related stuff should also be available.
i will create a ho...@so... pgp-key and publish the keyid
on the website for now.
maybe you could do the same.
until we have decided this a note on the homepage saying "for security
related issues, contact the develpers directly by email" should be ok.
and we should start signing the releases with gpg.
i would also like to have some way to sign the sources as
they go into cvs, although this is probably not going to
be easy to do in a useful way..
do you have a pgp key?
> - Mangle usernames [axel]
postponed.
> - More SQL Variables [axel]
mainly done..
> - Support mod_dbi_pool [chip?]
> - Merge In Cyan changes to Mainline? [chip]
> * These Officaly Might break how the Digest RFC Works...
what do those changes do?
> - Send Announcements:
> - SourceForge
> - FreshMeat [chip]
> - modules.apache.org [chip]
> - Other?
i would also like to change the dbi_result_get_* functions
into dbi_result_bind_*.
the semantics of dbi_result_get_string are sort of broken.
on error, it returns the string "ERROR" (which is also
not documented), so you have no way to tell an error from
a field containing "ERROR". :(
tty, axel
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)
iD8DBQFACYaRHAHtNfez9GYRAuE6AJ0fVX1o/BbUzmqF+VAvdlZC+H3RcACfTvQf
ZbP0Rrc+MrHwtbs2J1+hWTQ=
=6CHu
-----END PGP SIGNATURE-----
|
|
From: Nick K. <ni...@we...> - 2004-01-06 01:58:38
|
Just to let you know, I've added an additional feature that's rather
more powerful than what we already have. sql_acquire gets a handle
that remains valid and guaranteed unique through the lifetime of
a request. It can be called any number of times in different phases
of a request, or (most powerfully) in different modules, by the
simple expedient of storing the request's handle in the request_config.
(not yet ported to pg_pool and mysql_pool)
typedef struct {
SQL* sql ;
unsigned int flags ;
apr_reslist_t* dbpool ;
} sql_request ;
static apr_status_t pool_release(void* x) {
sql_request* req = (sql_request*)x ;
if ( req->flags & SQL_TRANSACTION_ENABLED )
req->sql->rollback() ;
if ( req->flags & SQL_LOCK_ENABLED )
req->sql->unlock(NULL) ;
apr_reslist_release(req->dbpool, req->sql) ;
return APR_SUCCESS ;
}
SQL* sql_acquire(request_rec* r, unsigned int flags) {
sql_request* req = (sql_request*)
ap_get_module_config(r->request_config, &valet_sql_module) ;
if ( ! req ) {
svr_cfg* svr = (svr_cfg*)
ap_get_module_config(r->server->module_config, &valet_sql_module) ;
req = (sql_request*) apr_palloc(r->pool, sizeof(sql_request) ) ;
req->flags = flags ;
req->dbpool = svr->dbpool ;
if ( apr_reslist_acquire(svr->dbpool, (void**)&req->sql)
!= APR_SUCCESS ) {
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
"Failed to acquire SQL connection from pool") ;
return NULL ;
}
const char* err = req->sql->verify(r->pool) ;
if ( err ) {
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "SQL: %s", err) ;
apr_reslist_release(svr->dbpool, req->sql) ;
return NULL ;
}
ap_set_module_config(r->request_config, &valet_sql_module, req) ;
apr_pool_cleanup_register(r->pool, req,
pool_release, apr_pool_cleanup_null) ;
} else {
req->flags |= flags ; // ensure all required cleanups happen
}
return req->sql ;
}
--
Nick Kew
|
|
From: Paul Q. <ch...@fo...> - 2004-01-03 02:06:17
|
Official Notice from Nick Kew to relicense mod_dbi_pool.c Posting to -devel so there its almost public record. -chip |
|
From: Paul Q. <ch...@fo...> - 2003-12-28 21:05:27
|
I got a patch commited back in November for apr_password_validate() in APR-Util to support SHA1 Passwords. It should go into the next 2.0.XX release of Apache. This is just more of a note that we should remove our AprSHA1 Directive in the future. -chip |
|
From: Paul Q. <ch...@fo...> - 2003-12-28 05:02:11
|
I tried to regenerate the HTML for the website, but it looks like permissions are messed up in the cvs checkout. I should just get it setup to regenerate once an hour via crontab. (so we don't have to screw with permissions ever again....) I opted in for Donations, and set 100% of any we get to go to the Apache Software Foundation. It needs you to opt in aswell... Well, i guess that is assuming we get *any* donations :) -chip |
|
From: Paul Q. <ch...@fo...> - 2003-11-24 23:06:46
|
> moin, > > now that my exam is done, i can do some more work on > mod-auth, hopefully tonight. cool. I have been very busy with school lately. I haven't had much time to hack on the authn_* projects. I still need to work on some stuff tonight, and I have finals in mid-december. > my todo list at the moment looks like this (with > priorities roughly in that order): > > - - more docs for mod_authn_dbi > - - more query-variables for mod_authn_dbi > (e.g. client-ip) Client IP, a cookie value, any other client properties? > - - check and maybe implement the "mangle-username" feature > in mod_authn_dbi i.e. user puts in fo...@ba..., remove "@bar.com" from the query? > - - test mod_authn_pop3 > - - add POP/TLS and maybe APOP support into mod_authn_pop3 Both of those are on my todo list. Any help would be great :) > - - try out mod_authn_cache authn_cache is broken right now. I have partial fixes for it on my harddrive, but i need to sit down with it for a couple hours and bend it into shape. > - - do some more planning/testing for allowing mod_authn_dbi > configs in .htaccess I sort of fear doing this. While authn_dbi might not commonly be used in a virtual hosting enviroment, it may allow end users too much control. (Ie they could create thousands of DB connections.) We need to be carefull with this. Documentation making the admin aware of the power he is giving the users needs to be present. > P.S.: the mailing-list archives on sourceforge seem to > be broken at the moment :( Ya, SourceForge hasn't been very reliable. Another project that is brewing is a "mod_dbi" or "mod_pool". The idea is to share resources between different modules.(ie mod_authn_dbi could share its DBI connections with mod_perl...) http://marc.theaimsgroup.com/?l=apache-modules&m=106962548318503&w=2 Not sure how soon this will pick up, but I talked to Nick Kew on IRC and he seems interested in getting such a project off its feet. -chip |
|
From: Axel G. <ag...@pr...> - 2003-11-24 11:03:52
|
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
moin,
now that my exam is done, i can do some more work on
mod-auth, hopefully tonight.
my todo list at the moment looks like this (with
priorities roughly in that order):
- - more docs for mod_authn_dbi
- - more query-variables for mod_authn_dbi
(e.g. client-ip)
- - check and maybe implement the "mangle-username" feature
in mod_authn_dbi
- - test mod_authn_pop3
- - add POP/TLS and maybe APOP support into mod_authn_pop3
- - try out mod_authn_cache
- - do some more planning/testing for allowing mod_authn_dbi
configs in .htaccess
let's get that project-activity score back up to 60% ;-)
tty, axel
P.S.: the mailing-list archives on sourceforge seem to
be broken at the moment :(
- --
Axel Grossklaus PRESECURE (R)
Security Specialist, Consulting GmbH
Phone: (+49) 040 / 8080 77 - 880 ag...@pr...
Fax: (+49) 040 / 8080 77 - 877
Course licensed from the CERT Coordination Center
Managing Computer Security Incident Response Teams
https://www.pre-secure.de/ms12
Muenster, Nov. 26-28, 2003
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2-rc1-SuSE (GNU/Linux)
iD8DBQE/weV2HAHtNfez9GYRAla5AJ95Lo+e3nL0XYfVYOW3xk7hBHoI1ACeM0+X
mew7hIegvlDcRY5boqNtrT8=
=nU0c
-----END PGP SIGNATURE-----
|
|
From: Paul Q. <ch...@fo...> - 2003-11-12 06:45:59
|
I have started work on mod_authn_cache.
Basicly it acts like a normal Authn Module to the upper layers, and to the
lower layers(ie authn_dbi) it looks just like it is normaly called.
I took the shared mem and caching stuff from mod_ldap and hacked it up nicely
to be used for my own evil purposes.
example config:
<Location /cache-test>
AuthType Basic
AuthName "basic authn_pop3 testing area"
AuthBasicProvider cache
AuthnCacheProvider pop3
AuthnPOP3Hostname force-elite.com
AuthnPOP3Timeout 20
AuthnPOP3Port 110
Require valid-user
</location>
It currently is rather broken. Feel free to test/debug/fix.
-chip
|
|
From: Paul Q. <ch...@fo...> - 2003-11-11 09:31:11
|
I hacked up auth_pam for 2.0 to authn_pam for 2.1, but I can't get it to authenticate me on my FreeBSD machine. By my reading of the code, it should operate just like it did in 2.0, but maybe I missed somthing.(or it just doesn't work in FreeBSD?) After a quick googling it looks like FreeBSD won't authenticate unless Apache is running as root. sounds lame. I will have to investigate later. anyways. testing of the authn_pam code would be cool on a Linux Platform. -chip |
|
From: Paul Q. <ch...@fo...> - 2003-11-11 06:02:02
|
authn_pop3 works for me against my own XMail POP3 Server. If you get a chance to test it against any other pop3 servers that would be nice. I will write up more documentation on it when i get a chance, inital docs are already commited and on the webspace. I think I will do a -release in a week or two. This module currently has no caching, so deployment in the realworld would kill performance. (hence, would be nice to have authentication caching in the 2.1 core instead of us implmenting it everywhere... etc..) -chip |
|
From: Axel G. <ag...@pr...> - 2003-11-10 20:25:32
|
Paul Querna wrote:
moin,
> I packed up test1 into -release this morning since I haven't heard
about any
> problems with it.
great..
> Axel - On the homepage's index.xml I added a Bio Section for
developers, feel
> free to put whatever you want there.
i've committed a few lines about me to CVS.
i've also created a mod-auth-commit mailing list, when it is created by
sourceforge, i will configure CVS to post commit messages there.
> I know not all the documentation is complete, but i figured we might
as well
> push this out instead of letting us drag our feet too much....(maybe
attrack
> more developers.)
i will commit some more documentation tonight..
tty, axel
--
Axel Grossklaus PRESECURE (R)
Security Specialist, Consulting GmbH
Phone: (+49) 040 / 8080 77 - 880 ag...@pr...
Fax: (+49) 040 / 8080 77 - 877
Course licensed from the CERT Coordination Center
Managing Computer Security Incident Response Teams
https://www.pre-secure.de/ms12
Muenster, Nov. 26-28, 2003
|
|
From: Paul Q. <ch...@fo...> - 2003-11-10 16:33:07
|
I packed up test1 into -release this morning since I haven't heard about any problems with it. on SF: https://sourceforge.net/project/showfiles.php?group_id=93106 Homepage: http://mod-auth.sourceforge.net/ FreshMeat: (pending their review) http://freshmeat.net/projects/mod_authn_dbi/ I also updated the webpages at open.cyanworlds.com to point to our project. Axel - On the homepage's index.xml I added a Bio Section for developers, feel free to put whatever you want there. I know not all the documentation is complete, but i figured we might as well push this out instead of letting us drag our feet too much....(maybe attrack more developers.) -chip |
|
From: Paul Q. <ch...@fo...> - 2003-11-03 19:18:09
|
On Mon, 03 Nov 2003 19:35:17 +0100, Axel Grossklaus wrote > moin, > > > - make a homepage for prorject: http://mod-auth.sourceforge.net > > (Should we use XML like the Docurmentation? or just HTML/php?) > > i would go for xml in the cvs tree and html in the tarballs > and on the website. > > i comitted the first part of mod_authn_dbi yesterday evening, but > did not update the webpage. > > i hope i can do the rest tomorrow or wednesday. > (i am pretty busy with uni & job at the moment). Thanks for all the stuff you have done, if you can't work on it, don't worry, we got time on our side :) (httpd 2.1 isn't even in alpha yet!) (note to self, i should bug dev@httpd about this...) I will likely move some of the build/style stuff down to the root of the htdocs so one script can build the whole website.(both the docs and general website) > > - Update mod_authn_dbi/README > > - Update mod_authn_dbi/ChangeLog > > - Update mod_authn_dbi/TODO (Set Goals for 0.0.8... any ideas?) > > one or two. > > if possible, i would like to ad a way to decouple the username > that was entered by the user and the name that is used in apache > (logs etc). > > maybe add a directive like > > AuthnDbiAuthUsernameField > > i have not really checked how this could be done in apache, but > i think it would be a nice feature to allow separate user/accounts > but make it look to any script/cgi like the same user looged in. Not entirely sure what you mean by this? In scripting you can pick up what the user authenticated as.. in php its the $_SERVER['PHP_AUTH_USER'] var, and if a user authenticates with authn_dbi first, this value will have what they authenticated with.... > i have not really thought much about other features, > my main goal will be writing more documentation > and provide nice examples for nifty stuff to do > with the query-directive. > > > Anything else you can think of Axel? > not at the moment, but..... more things todo: - update open.cyanworlds.com - update Freshmeat Project Info - Send Release Notice to Freshmeat - Send Release Notices to other places? Axel, do you have a FM account? -chip |
|
From: Axel G. <ag...@pr...> - 2003-11-03 18:40:57
|
Paul Querna wrote: moin, > - make a homepage for prorject: http://mod-auth.sourceforge.net > (Should we use XML like the Docurmentation? or just HTML/php?) i would go for xml in the cvs tree and html in the tarballs and on the website. i comitted the first part of mod_authn_dbi yesterday evening, but did not update the webpage. i hope i can do the rest tomorrow or wednesday. (i am pretty busy with uni & job at the moment). > - Update mod_authn_dbi/README > - Update mod_authn_dbi/ChangeLog > - Update mod_authn_dbi/TODO (Set Goals for 0.0.8... any ideas?) one or two. if possible, i would like to ad a way to decouple the username that was entered by the user and the name that is used in apache (logs etc). maybe add a directive like AuthnDbiAuthUsernameField i have not really checked how this could be done in apache, but i think it would be a nice feature to allow separate user/accounts but make it look to any script/cgi like the same user looged in. i have not really thought much about other features, my main goal will be writing more documentation and provide nice examples for nifty stuff to do with the query-directive. > Anything else you can think of Axel? not at the moment, but..... tty, axel -- Axel Grossklaus PRESECURE (R) Security Specialist, Consulting GmbH Phone: (+49) 040 / 8080 77 - 880 ag...@pr... Fax: (+49) 040 / 8080 77 - 877 Course licensed from the CERT Coordination Center Managing Computer Security Incident Response Teams https://www.pre-secure.de/ms12 Muenster, Nov. 26-28, 2003 |
|
From: Paul Q. <ch...@fo...> - 2003-11-03 16:36:03
|
forgot to add my todo list before -release: - make a homepage for prorject: http://mod-auth.sourceforge.net (Should we use XML like the Docurmentation? or just HTML/php?) - Update mod_authn_dbi/README - Update mod_authn_dbi/ChangeLog - Update mod_authn_dbi/TODO (Set Goals for 0.0.8... any ideas?) - Figure out why the export SED hack is needed for libtool. - Tag RELEASE_0_0_7 In CVS.(currently -test1 is just HEAD) - make a roll_release script. (I did it by hand this time, because I spent so much time scewing with libtool) Anything else you can think of Axel? On Mon, 3 Nov 2003 09:08:26 -0700, Paul Querna wrote > After much mucking around with libtool, I can build test1 on Lunar- > Linux and FreeBSD-CURRENT. > > I have put it up on our webspace: > http://mod-auth.sourceforge.net/devel/mod_authn_dbi-0.0.7-test1.tar.bz2 > > It is currently running on the demo page using the original > configuration (ie it does work backwards compat nicely.) > http://force-elite.com:4080/ > > One other thing I added was making mod_authn_dbi reveal itself in > the Server: Header. I don't know if we want to do this in the long > run, but other modules commonly do(mod_php, mod_auth_mysql.. etc.) > > Server: Apache/2.1.0-dev (Unix) mod_ssl/2.1.0-dev OpenSSL/0.9.6i > mod_authn_dbi/0.0.7 > > -chip > > ------------------------------------------------------- > This SF.net email is sponsored by: SF.net Giveback Program. > Does SourceForge.net help you be more productive? Does it > help you create better code? SHARE THE LOVE, and help us help > YOU! Click Here: http://sourceforge.net/donate/ > _______________________________________________ > Mod-auth-devel mailing list > Mod...@li... > https://lists.sourceforge.net/lists/listinfo/mod-auth-devel |
|
From: Paul Q. <ch...@fo...> - 2003-11-03 16:08:29
|
After much mucking around with libtool, I can build test1 on Lunar-Linux and FreeBSD-CURRENT. I have put it up on our webspace: http://mod-auth.sourceforge.net/devel/mod_authn_dbi-0.0.7-test1.tar.bz2 It is currently running on the demo page using the original configuration (ie it does work backwards compat nicely.) http://force-elite.com:4080/ One other thing I added was making mod_authn_dbi reveal itself in the Server: Header. I don't know if we want to do this in the long run, but other modules commonly do(mod_php, mod_auth_mysql.. etc.) Server: Apache/2.1.0-dev (Unix) mod_ssl/2.1.0-dev OpenSSL/0.9.6i mod_authn_dbi/0.0.7 -chip |
