Just set up a new directory with authentication, but I have to type my username and password twice before I authenticate. I have authentication working fine on about 10 other directories, the only difference is that they use group authentication and this one uses require valid-user. conf file is listed below...Any ideas ??
Cheers
Rod.
[snip]
<Directory /var/www/html/trainingcal>
AuthName "ARW Group Training Calendar"
AuthType Basic
AuthMySQLHost localhost
AuthMySQLDB intranetauth
AuthMySQLUserTable user_info
AuthMySQLPasswordField user_passwd
mod_auth_mysql doesn't actually request the userid/password, Apache does based on the Apache statements. If you are getting the request twice, it means Apache is requesting the password twice.
I suspect your problem is in your require statement. Do you want any valid user, or only specific users? If the former, specify
require valid-user
For the latter, specify
require user pudwellr bishopj kearnsp faheyk berrilld westc
You might also want to check the Apache documentation for more info on the require statement.
Jerry
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Been thinking about this problem and just wondering..does the module check user_name and user_password by default.?? The reason I ask is that I noticed from the old conf files I have that there is a require valid-user and require group statement in each conf directory. When I tried this with the latest version, Apache fell over..wouldn't load the module. It works if you only have a require group statement, which suggests it checks for valid username and password automatically. If so, it could explain this problem, it checks the database for valid username by default with first login, then asks for another login when reads the require user statement..
Or I am just playing with myself.!!
Cheers
Rod.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Yes, if you have any require statement, Apache calls authentication modules to validate the userid and password (same is true for mod_auth, for instance).
The logic in mod_auth_mysql is to check the list of require statements, and if any one of them succeed, it should return. In the case of the invalid statement, we look at the first word (valid-user) and should return OK (if the userid and password match) and the user is authorized. We should ignore the user list following, and the group list.
So - you could have something like:
require user user1 user2 user3
require group group1 group2 group3
Any of these users would be authorized, as well as anyone in any of the groups (the users do not need to be part of the groups). Userids and passwords must still be checked. require valid-user just means any user who validates can access the resource.
Now - all requests to protected directories will require Apache to send an authorization request to the browser. This isn't just for the page being requested; it also goes for things like images from protected directores. The browser should respond with the userid and password previously entered, making it transparent to the user.
Obviously something is not right here. In a recent version I did do some work on the require statement handling; it is possible I screwed something up there, but not sure what it might be.
I would be interested in what your Apache log has to say. The fact you're getting a second request means that a second authorization has failed, and there should be an entry in the log.
I would also be very interested in what you got when Apache wouldn't load the module - especially the configuration statements you had. If this is due to a bug in mod_auth_mysql, it needs to be fixed.
Hope this helps a little.
Jerry
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Just set up a new directory with authentication, but I have to type my username and password twice before I authenticate. I have authentication working fine on about 10 other directories, the only difference is that they use group authentication and this one uses require valid-user. conf file is listed below...Any ideas ??
Cheers
Rod.
[snip]
<Directory /var/www/html/trainingcal>
AuthName "ARW Group Training Calendar"
AuthType Basic
AuthMySQLHost localhost
AuthMySQLDB intranetauth
AuthMySQLUserTable user_info
AuthMySQLPasswordField user_passwd
require valid-user pudwellr bishopj kearnsp faheyk berrilld westc
</Directory>
[snip]
Rod,
mod_auth_mysql doesn't actually request the userid/password, Apache does based on the Apache statements. If you are getting the request twice, it means Apache is requesting the password twice.
I suspect your problem is in your require statement. Do you want any valid user, or only specific users? If the former, specify
require valid-user
For the latter, specify
require user pudwellr bishopj kearnsp faheyk berrilld westc
You might also want to check the Apache documentation for more info on the require statement.
Jerry
Jerry,
Been thinking about this problem and just wondering..does the module check user_name and user_password by default.?? The reason I ask is that I noticed from the old conf files I have that there is a require valid-user and require group statement in each conf directory. When I tried this with the latest version, Apache fell over..wouldn't load the module. It works if you only have a require group statement, which suggests it checks for valid username and password automatically. If so, it could explain this problem, it checks the database for valid username by default with first login, then asks for another login when reads the require user statement..
Or I am just playing with myself.!!
Cheers
Rod.
Hi, Rod,
Yes, if you have any require statement, Apache calls authentication modules to validate the userid and password (same is true for mod_auth, for instance).
I still think your problem is the statement:
require valid-user pudwellr bishopj kearnsp faheyk berrilld westc
This is not a valid statement You can have
require valid-user
require user (user list)
require group (group list)
See http://httpd.apache.org/docs-2.0/mod/core.html#require for more info.
The logic in mod_auth_mysql is to check the list of require statements, and if any one of them succeed, it should return. In the case of the invalid statement, we look at the first word (valid-user) and should return OK (if the userid and password match) and the user is authorized. We should ignore the user list following, and the group list.
So - you could have something like:
require user user1 user2 user3
require group group1 group2 group3
Any of these users would be authorized, as well as anyone in any of the groups (the users do not need to be part of the groups). Userids and passwords must still be checked. require valid-user just means any user who validates can access the resource.
Now - all requests to protected directories will require Apache to send an authorization request to the browser. This isn't just for the page being requested; it also goes for things like images from protected directores. The browser should respond with the userid and password previously entered, making it transparent to the user.
Obviously something is not right here. In a recent version I did do some work on the require statement handling; it is possible I screwed something up there, but not sure what it might be.
I would be interested in what your Apache log has to say. The fact you're getting a second request means that a second authorization has failed, and there should be an entry in the log.
I would also be very interested in what you got when Apache wouldn't load the module - especially the configuration statements you had. If this is due to a bug in mod_auth_mysql, it needs to be fixed.
Hope this helps a little.
Jerry