[mod_python] PythonAuthzHandler not working

Graham Dumpleton grahamd at dscpl.com.au
Sat Apr 22 18:19:13 EDT 2006 

On 23/04/2006, at 5:22 AM, Jim Gallacher wrote:

> Graham Dumpleton wrote:
>> Add to config:
>>   AuthAuthoritative Off
>
> That doesn't really make sense to me. Nothing like this is  
> mentioned for other auth modules like mod_auth_ldap.

I couldn't even find it documented. It is mentioned in source code  
for 2.0.
Turns of inbuilt auth.

>>   Require dummy
>> The value to Require cannot be:
>>   valid-user
>>   user ???
>>   group ???
>> it has to be something of your own creation that your authz  
>> handler then
>> interprets.
>> I am noting that authzhandler() can't return DECLINED, but must be  
>> OK,
>> or presumable HTTP_UNAUTHORIZED. Returning DECLINED results in 500
>> error and:
>> [Fri Apr 21 12:10:43 2006] [crit] [client ::1] configuration  
>> error:  couldn't check access.  No groups file?: /~grahamd/authz/ 
>> index.py
>
> I've worn my fingers to bloody stumps trying every directive that  
> seems even vaguely related to authentication or authorization and I  
> just can't get my authzhandler to fire.
>
> Well, screw it, I thought. I'll just use a stacked handler:
>
>   PythonAuthenHandler mprest.auth mprest.auth::authzhandler
>
> This works just fine, although I'd prefer to use PythonAuthzHandler  
> as it makes the intention clearer, but I've wasted enough time on  
> this already.
>
> So I'm working away, watching the "new module loader" thread float  
> by on the the mailing list and I say to myself, "Gee, I really  
> should turn on the new importer to give it a bit of a workout". I  
> turn it on, and give my authen/authz login function a whirl... and...
>
> Aaaaahhhhhrrrrggggg.....
>
> It sails right past the second handler in the stack -  
> mprest.auth::authzhanlder is ignored. Putting them in separate  
> directives makes no difference:
>
>   PythonAuthenHandler mprest.auth
>   PythonAuthenHandler mprest.auth::authzhandler
>
> No joy. (And of course PythonAuthzHandler is a lost cause for me).

See:

   http://issues.apache.org/jira/browse/MODPYTHON-129

Your first handler should return apache.DECLINED now if it doesn't do  
anything.
Problem is you are using stacked handlers here for two different  
purposes.

Graham

More information about the Mod_python mailing list