Description
The user is not recognised when using the Apache 2.0 module "mod_auth_digest" for authentification. A small change in request.py is required to make it work. -- DavidLinke 2005-02-15 23:31:37
Steps to reproduce
Enable http authentification in moin-config, i.e. set: auth_http_enabled = 1
- Configure Apache for using mod_auth_digest
Details
- My environment
MoinMoin Version
moin 1.3.3
OS and Version
Windows XP Pro
Python Version
Python 2.4.0
Server Setup
Apache 2.0.52 with cgi
Server Details
Authentication with mod_auth_digest
Workaround
Apply following patch:
{{{*** request.py.orig Wed Feb 9 22:11:43 2005 --- request.py Tue Feb 15 23:03:53 2005 *************** *** 260,266 ****
- # need config here, so check: self._load_multi_cfg()
! if self.cfg.auth_http_enabled and env.get('AUTH_TYPE',) == 'Basic': self.auth_username = env.get('REMOTE_USER',
)
- ## f=open('/tmp/env.log','a')
--- 260,266
- # need config here, so check: self._load_multi_cfg()
! if self.cfg.auth_http_enabled and env.get('AUTH_TYPE',) in ['Basic', 'Digest']: self.auth_username = env.get('REMOTE_USER',
)
- ## f=open('/tmp/env.log','a')
}}}
Discussion
- To also allow SSPI authentication with Apache, the above section of request.py must be further modified:
1 if self.cfg.auth_http_enabled and env.get('AUTH_TYPE','') in ['Basic', 'Digest', 'NTLM']: 2 username = env.get('REMOTE_USER','') 3 if env.get('AUTH_TYPE','') == 'NTLM': 4 # converting to standard case so that the user can even enter wrong case 5 # (added since windows does not distinguish between e.g. "Mike" and "mike") 6 username = username.split('\\')[-1].title() # split off domain e.g. from DOMAIN\user 7 self.auth_username = username
It looks like there is one .title() too much. And is that .title() really useful?
You are right. The last .title() was left over from experimenting ;-). I deleted that. Title() for NTLM is convenient (here) because people can enter their name in different ways into the login window and still get recognised in the wiki with the correct wiki-user-name e.g. "Meier" if the type meier, MEIER or something else (Note that no matter how they enter the name they pass the SSPI auth.). But it surely is not a "must-have".
Plan
- Priority: med
Assigned to: ThomasWaldmann
- Status: fixed in patch-651 (Digest and NTLM and .title() stuff, slightly refactored)