You are not logged in.
Okay, I'm trying to get some crazy authentication working in Trac and Apache. Basically, a user has a logon in a MySQL table that Apache finds to let the user view the project list. This works perfectly.
What I want to do, however, is have a separate column for what projects the user can access. I can use that table by playing with the SQL syntax so it's required to access a project. Here's what the current configuration looks like:
#Plain MySQL setup, no funny business here
<Location /dev>
AuthType Digest
AuthDigestProvider dbd
AuthName "trac"
# core authorization configuration
Require valid-user
AuthDBDUserRealmQuery "SELECT password FROM users WHERE username = %s"
</Location>
#SVN access, this doesn't override any authentication
<Location /dev/svn>
DAV svn
SVNParentPath /home/repo/svn
SVNPathAuthz off
SVNIndexXSLT "/repos-web/view/repos.xsl"
</Location>
#Trac access, still no crazy authentication
<Location /dev/trac>
SetHandler mod_python
PythonHandler trac.web.modpython_frontend
PythonOption TracEnvParentDir /home/repo/trac
PythonOption TracUriRoot /dev/trac
</Location>
#this SHOULD override the SQL to make the dDHCPD project only available to users whose projects column contains the string "dDHCPD"
<Location /dev/trac/dDHCPD>
AuthDBDUserRealmQuery "SELECT password FROM users WHERE username = %s AND projects like '%dDHCPD%'"
</Location>
This works for the trac project list and all other trac projects, but when I go to the dDHCPD project, Apache doesn't find the account. My test account is named debio, here's what the database shows:
mysql> select * from users;
+----------+----------------------------------+----------+
| username | password | projects |
+----------+----------------------------------+----------+
| debio | 36ffcc59c758af979c382bad19a9fd71 | dDHCPD |
+----------+----------------------------------+----------+
1 row in set (0.00 sec)
mysql>
Here's what I get when I fill in the crazy SQL query:
mysql> SELECT password FROM users WHERE username = 'debio' AND projects like '%dDHCPD%';
+----------------------------------+
| password |
+----------------------------------+
| 36ffcc59c758af979c382bad19a9fd71 |
+----------------------------------+
1 row in set (0.00 sec)
mysql>
As far as I can tell, this should all work. I can login as debio and navigate to anything in /dev except /dev/trac/dDHCPD, where Apache gives this:
[Wed Oct 29 20:19:48 2008] [error] [client 5.61.22.17] Digest: user `debio' in realm `trac' not found: /dev/trac/dDHCPD, referer: http://*IP ADDRESS*/dev/trac/
Any help would be appreciated, even if you just ask me to clarify something (I know I have a tendency to write cryptic posts). In fact, even if you just post up to tell me I'm an idiot for some reason, I'll probably thank you.
Last edited by arew264 (2008-10-30 01:34:32)
Offline