Mailing List Archive

This comes to mind:

https://code.google.com/archive/p/mod-auth-external/wikis/AuthNZ.wiki

On Wed, May 17, 2023 at 12:48?PM Adam Weremczuk <adamw@matrixscience.com>
wrote:

> Hi all,
>
> I run some old Bugzilla 3.6.11 (https://www.bugzilla.org) on SERVER1
> (Debian 7 / Apache 2.2.22 / MySQL 5.5.31).
>
> The following authentication works locally:
>
> AuthType Basic
> AuthPAM_Enabled on
> AuthBasicAuthoritative off
> AuthUserFile /dev/null
>
> I have migrated Bugzilla to a modern stack on SERVER2 (Debian 11 /
> Apache 2.4.56 / MariaDB 10.5.19) but struggle with authentication.
>
> Is it possible to use pwauth to consult usernames/passwords on SERVER1
> from SERVER2 by IP?
>
> What other authentication options do I have?
>
> I would rather avoid doing things such as copying usernames and
> passwords across.
>
> Regards,
> Adam
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>

Thank you Frank.

This is my entire gitweb config:

cat /etc/apache2/conf-available/gitweb.conf
<IfModule mod_alias.c>
  <IfModule mod_mime.c>
    <IfModule mod_cgi.c>
      Define ENABLE_GITWEB
    </IfModule>
    <IfModule mod_cgid.c>
      Define ENABLE_GITWEB
    </IfModule>
  </IfModule>
</IfModule>

<IfDefine ENABLE_GITWEB>
  Alias /gitweb /usr/share/gitweb

        AddExternalAuth pwauth /usr/sbin/pwauth
        SetExternalAuthMethod pwauth pipe

  <Directory /usr/share/gitweb>
    Options +FollowSymLinks +ExecCGI
    AddHandler cgi-script .cgi

        AuthName 'Enter your username and password'
        AuthType Basic
        AuthBasicProvider external
        AuthExternal pwauth
        Require valid-user

        Order Deny,Allow
        Satisfy any
        Deny from all
        Require valid-user

  </Directory>
</IfDefine>

The configuration is working fine and authenticates users as expected.

What I don't understand is how does apache know which server to consult
for the credentials?

Just saying "external" surely shouldn't be enough without specifying a
FQDN or IP, port number etc. like you do with:

AuthLDAPURL ldap://

What am I missing here?

Regards,
Adam

On 18/05/2023 20:21, Frank Gingras wrote:
> This comes to mind:
>
> https://code.google.com/archive/p/mod-auth-external/wikis/AuthNZ.wiki
>
> On Wed, May 17, 2023 at 12:48?PM Adam Weremczuk
> <adamw@matrixscience.com> wrote:
>
> Hi all,
>
> I run some old Bugzilla 3.6.11 (https://www.bugzilla.org) on SERVER1
> (Debian 7 / Apache 2.2.22 / MySQL 5.5.31).
>
> The following authentication works locally:
>
> AuthType Basic
> AuthPAM_Enabled on
> AuthBasicAuthoritative off
> AuthUserFile /dev/null
>
> I have migrated Bugzilla to a modern stack on SERVER2 (Debian 11 /
> Apache 2.4.56 / MariaDB 10.5.19) but struggle with authentication.
>
> Is it possible to use pwauth to consult usernames/passwords on
> SERVER1
> from SERVER2 by IP?
>
> What other authentication options do I have?
>
> I would rather avoid doing things such as copying usernames and
> passwords across.
>
> Regards,
> Adam
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>