3,704
edits
Changes
Jump to navigation
Jump to search
mLine 1:
Line 1: + Line 233:
Line 234: + Line 248:
Line 250: + Line 258:
Line 261: + Line 265:
Line 269: + + Line 270:
Line 276: + + − + − + Line 282:
Line 290: + − + − + − + + − + − + + Line 304:
Line 315: + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + − + − + − + + − + − + − + + + + + + + + Line 352:
Line 410: − + − + Line 513:
Line 571: + + + + + + +
→Apache Authentication: add AuthBasicProvider directive
{{Level|Developer}}
=Generic Instructions for building a Web Application RPM=
=Generic Instructions for building a Web Application RPM=
$OUT .= " AuthName \"$name\"\n";
$OUT .= " AuthName \"$name\"\n";
$OUT .= " AuthType Basic\n";
$OUT .= " AuthType Basic\n";
$OUT .= " AuthBasicProvider external\n";
$OUT .= " AuthExternal pwauth\n";
$OUT .= " AuthExternal pwauth\n";
$OUT .= " require valid-user\n";
$OUT .= " require valid-user\n";
$OUT .= " AuthName \"$name\"\n";
$OUT .= " AuthName \"$name\"\n";
$OUT .= " AuthType Basic\n";
$OUT .= " AuthType Basic\n";
$OUT .= " AuthBasicProvider external\n";
$OUT .= " AuthExternal pwauth\n";
$OUT .= " AuthExternal pwauth\n";
'''$OUT .= " require valid-user\n";'''
'''$OUT .= " require valid-user\n";'''
$OUT .= " AuthName \"$name\"\n";
$OUT .= " AuthName \"$name\"\n";
$OUT .= " AuthType Basic\n";
$OUT .= " AuthType Basic\n";
$OUT .= " AuthBasicProvider external\n";
$OUT .= " AuthExternal pwauth\n";
$OUT .= " AuthExternal pwauth\n";
'''$OUT .= " require user admin pierre paul\n";'''
'''$OUT .= " require user admin pierre paul\n";'''
You have to download a plugin of pwauth to authenticate unix group in SME Server 8 : http://code.google.com/p/pwauth/
You have to download a plugin of pwauth to authenticate unix group in SME Server 8 : http://code.google.com/p/pwauth/
For SME Server 9 a nfr is raised see [[bugzilla:3690]]
wget http://pwauth.googlecode.com/files/pwauth-2.3.10.tar.gz
wget http://pwauth.googlecode.com/files/pwauth-2.3.10.tar.gz
tar xvzf pwauth-2.3.10.tar.gz
tar xvzf pwauth-2.3.10.tar.gz
chown root:www /usr/lib/httpd/modules/unixgroup
chown root:www /usr/lib/httpd/modules/unixgroup
chmod 750 /usr/lib/httpd/modules/unixgroup
chmod 750 /usr/lib/httpd/modules/unixgroup
We need to create a new fragment<br />
nano /etc/e-smith/templates/etc/httpd/conf/httpd.conf/35-group-auth
nano /etc/e-smith/templates/etc/httpd/conf/httpd.conf/35-group-auth
{
{
$OUT .= " AddExternalGroup ugroup /usr/lib/httpd/modules/unixgroup\n";
$OUT .= " AddExternalGroup unixgroup /usr/lib/httpd/modules/unixgroup\n";
$OUT .= " SetExternalGroupMethod ugroup environment\n";
$OUT .= " SetExternalGroupMethod unixgroup environment\n";
}
}
$OUT .= " AuthName \"$name\"\n";
$OUT .= " AuthName \"$name\"\n";
$OUT .= " AuthType Basic\n";
$OUT .= " AuthType Basic\n";
$OUT .= " AuthBasicProvider external\n";
$OUT .= " AuthExternal pwauth\n";
$OUT .= " AuthExternal pwauth\n";
$OUT .= " GroupExternal ugroup\n";
$OUT .= " GroupExternal unixgroup\n";
$OUT .= " AuthzUserAuthoritative off\n";
$OUT .= " AuthzUserAuthoritative off\n";
'''$OUT .= " require user admin pierre paul\n";'''
'''$OUT .= " require user admin pierre paul\n";'''
'''$OUT .= " require group virt \n";'''
'''$OUT .= " require group virt\n";'''
$OUT .= " Satisfy $satisfy\n";
$OUT .= " Satisfy $satisfy\n";
}
}
*DB command to choose groups and users
*DB command to choose groups and users
Above we have seen how to write name of groups or users directly in the template, but in the real life it is not enough good :)
Above we have seen how to write name of groups or users directly in the template, but in the real life it is not enough good :)<br />
The purpose is to choose users or groups by command line.
The purpose is to choose users or groups by command line.
-In first you have to make other DB configuration as described [[Web_Application_RPM#db_defaults]]
-In first you have to make other DB configuration as described [[Web_Application_RPM#db_defaults]]
echo "admin" > root/etc/e-smith/db/configuration/defaults/phpvirtualbox/User
echo "admin" > root/etc/e-smith/db/configuration/defaults/foo/User
echo "" > root/etc/e-smith/db/configuration/defaults/phpvirtualbox/Group
echo "" > root/etc/e-smith/db/configuration/defaults/foo/Group
Only the user admin is set by default
-You have to download a plugin of pwauth to authenticate unix group in SME Server 8 : http://code.google.com/p/pwauth/
-You have to download a plugin of pwauth to authenticate unix group in SME Server 8 : http://code.google.com/p/pwauth/
chown root:www /usr/lib/httpd/modules/unixgroup
chown root:www /usr/lib/httpd/modules/unixgroup
chmod 750 /usr/lib/httpd/modules/unixgroup
chmod 750 /usr/lib/httpd/modules/unixgroup
We need to create a new fragment<br />
nano /etc/e-smith/templates/etc/httpd/conf/httpd.conf/35-group-auth
{
$OUT .= " AddExternalGroup unixgroup /usr/lib/httpd/modules/unixgroup\n";
$OUT .= " SetExternalGroupMethod unixgroup environment\n";
}
Now you need to modify the 92foo template with these new lines <br />
nano /etc/e-smith/templates/etc/httpd/conf/httpd.conf/92foo
{
$OUT .= " AuthName \"$name\"\n";
$OUT .= " AuthType Basic\n";
$OUT .= " AuthExternal pwauth\n";
$OUT .= " GroupExternal unixgroup\n";
$OUT .= " AuthzUserAuthoritative off\n";
$OUT .= " require user $foo{'User'}\n";
$OUT .= " require group $foo{'Group'}\n";
$OUT .= " Satisfy $satisfy\n";
}
-change groups and users allowed by CL
config setprop foo User "admin toto"
config setprop foo Group "famille virt"
then
signal-event console-save
=====SME Server 9=====
The apache authentication is made by a new file named authnz_external_module instead of auth_external_module, therefore you need to slightly modify the code above. <br />
If it is not done you can have this error in log file and you won't be authenticated
configuration error: couldn't check user. No user file?:
See this [http://code.google.com/p/mod-auth-external/wiki/ConfigApache22 howTo]. You need to verify if your /etc/httpd/conf/httpd.conf contain these lines
AddExternalGroup unixgroup /usr/bin/unixgroup
SetExternalGroupMethod unixgroup environment
We are waiting the default use of authenticator unixgroup in sme9 (see [[bugzilla:8008]]). For now you need to make the relevant fragment template.
nano /etc/e-smith/templates/etc/httpd/conf/httpd.conf/35-group-auth
nano /etc/e-smith/templates/etc/httpd/conf/httpd.conf/35-group-auth
{
{
$OUT .= " AddExternalGroup ugroup /usr/lib/httpd/modules/unixgroup\n";
$OUT .= " AddExternalGroup unixgroup /usr/bin/unixgroup\n";
$OUT .= " SetExternalGroupMethod ugroup environment\n";
$OUT .= " SetExternalGroupMethod unixgroup environment\n";
}
}
nano /etc/e-smith/templates/etc/httpd/conf/httpd.conf/92foo
nano /etc/e-smith/templates/etc/httpd/conf/httpd.conf/92foo
{
{
$OUT .= " AuthName \"$name\"\n";
$OUT .= " AuthName \"$name\"\n";
$OUT .= " '''AuthBasicProvider external'''\n";
$OUT .= " AuthType Basic\n";
$OUT .= " AuthType Basic\n";
$OUT .= " AuthExternal pwauth\n";
$OUT .= " AuthExternal pwauth\n";
$OUT .= " GroupExternal ugroup\n";
$OUT .= " GroupExternal unixgroup\n";
$OUT .= " AuthzUserAuthoritative off\n";
$OUT .= " AuthzUserAuthoritative off\n";
$OUT .= " require user $phpvirtualbox{'User'}\n";
$OUT .= " require user $foo{'User'}\n";
$OUT .= " require group $phpvirtualbox{'Group'}\n";
$OUT .= " require group $foo{'Group'}\n";
$OUT .= " Satisfy $satisfy\n";
$OUT .= " Satisfy $satisfy\n";
}
}
-change groups and users allowed by CL
config setprop foo User "admin toto"
config setprop foo Group "famille virt"
then
signal-event console-save
====Upload_tmp_dir====
====Upload_tmp_dir====
{
{
my $status = $roundcube{'status'} || "disabled";
my $status = $foo{'status'} || "disabled";
return " # roundcube is disabled in this VirtualHost"
return " # foo is disabled in this VirtualHost"
unless $status eq 'enabled';
unless $status eq 'enabled';
global-pw => Entire Internet(password required)
global-pw => Entire Internet(password required)
global-pw-remote => Entire Internet(password required outside local network)
global-pw-remote => Entire Internet(password required outside local network)
*change groups and users allowed by CL
config setprop foo User "admin toto"
config setprop foo Group "famille virt"
then
signal-event console-save
* To add a different URL eg. yourserver.net/foo
* To add a different URL eg. yourserver.net/foo