authnz_external module load order matters for GroupExternal and Require file-group
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
libapache2-mod-authnz-external (Ubuntu) |
New
|
Undecided
|
Unassigned |
Bug Description
Binary package hint: apache2
With this example configuration:
{{{
<VirtualHost *:443>
AddExternalAuth auth_script /bin/true
SetExternal
AddExternal
SetExternal
<Directory /foo>
AuthType Basic
AuthName Protected
Require file-group
Satisfy All
</Directory
</VirtualHost>
}}}
and modules:
{{{
alias
auth_basic
authn_file
authnz_external
authz_default
authz_groupfile
authz_host
authz_owner
authz_user
autoindex
cgid
deflate
dir
env
headers
mime
negotiation
proxy
proxy_http
reqtimeout
rewrite
setenvif
ssl
status
}}}
using standard apache2 & required modules from Lucid repositories.
Requests that require authentication will fail with the error:
{{{
[Fri May 06 18:14:59 2011] [error] [client 123.123.123.123] access to /foo/bar/baz failed, reason: require directives present and no Authoritative handler., referer:
http://
}}}
Renaming '/etc/apache2/
Hi Richard. Thanks for taking the time to file a bug report and help us make Ubuntu better!
This appears to be a configuration issue. Without an external authenticator defined, mod_authnz_external is going to fail. So it is performing its duties properly. If you are going to use it, you need to configure it.. see this link for more info on configuring it:
http:// code.google. com/p/mod- auth-external/ wiki/Configurat ion
Also this is not really a problem with apache2, but with libapache2- mod-authnz- external , so redirecting to that source package, and closing as Invalid. You may want to just remove and maybe even purge that package if you're not using it.
If you have more information that suggests this is a bug and not a misconfiguration, please feel free to reopen the bug by changing its status back to "new", or opening a new bug with more information.