gutsy does not have a working apache+mysql authentication solution
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
libapache-mod-auth-mysql (Ubuntu) |
Won't Fix
|
Undecided
|
Unassigned |
Bug Description
Binary package hint: libapache2-
As of Mon Oct 8 17:08:24 EEST 2007, there is no working solution to authenticate with mysql from apache. This is a serious problem that might hinder migration to gutsy in many sites.
I have to file this bug against two packages as there are two possible solutions for mysql authentication, *neither of which work*:
1 [RECOMMENDED by Apache Foundation] mod_authn_dbd
(http://
2 [DEPRECATED] libapache2-
doesn't honour the AuthBasicAuthor
Versions:
-------------
Updated Gutsy beta release.
apache2-mpm-prefork 2.2.4-3build1
libapache2-
Setup:
-------------
a2enmod auth_mysql
virtual host conf:
<Location /mysqlauth>
# AuthUserFile /dev/null or /var/www/empty -- enabling this results in stack smashing
</Location>
db setup:
DROP database IF EXISTS apache_auth_test;
create database apache_auth_test;
use apache_auth_test;
create table auth ( username char(25) not null,
passwd char(25), primary key (username) );
insert into auth values ('somebody', PASSWORD(
grant all privileges on apache_auth_test.* to authtestuser@
Result:
-------------
1. Without AuthUserFile directive:
[Mon Oct 08 20:58:18 2007] [error] Internal error: pcfg_openfile() called with NULL filename
[Mon Oct 08 20:58:18 2007] [error] [client 213.35.160.166] (9)Bad file descriptor: Could not open password file: (null)
*** stack smashing detected ***: /usr/sbin/apache2 terminated
[Mon Oct 08 20:58:18 2007] [notice] child pid 4834 exit signal Aborted (6)
2. With either
AuthUserFile directive that points to a empty file (e.g. /dev/null)
or
AuthUserFile directive that points to a htpasswd file that does not contain the user name (e.g. trying with foo, but htapsswd file contains only bar):
*** stack smashing detected ***: /usr/sbin/apache2 terminated
[Mon Oct 08 16:57:05 2007] [notice] child pid 4250 exit signal Aborted (6)
3. With AuthUserFile directive that points to a htpasswd file that contains the user name (e.g. trying with foo and htpasswd file contains foo):
authentication succeeds, but database authentication is ignored
Conclusion:
-------------
1. AuthBasicAuthor
2. 'stack smashing detected' looks like a serious bug in libapache2-
See also #150651