[racktables-users] Re: httpd authentication

From: Jason Hamilton <jason@xxxxxxxxxxxxxxxxxx>
To: racktables-users@xxxxxxxxxxxxx
Date: Mon, 15 Jun 2009 17:08:49 -0400

Denis,

That's the thing. The boxes were all blank which left me a little
confused (no php warnings either). I changed the code a bit to get it
working for what I needed. The resulting change allowed username's which
authed against ldap to login if they had a corresponding local username
in the racktables database (I'm using a blank password for the database
user because I'm not interested in keeping them synced). I would have
thought that have "require_local_account = FALSE;"  would not require
the database user to even exist, but it actually had a nice side-effect,
unexpected, but nice nonetheless (because it allowed me to re-use a
pre-existing Web OU in ldap and still limit particular users from
logging in). Below is my non-fancy diff:

================================================================
[root@waffles html]# diff -dur /root/RackTables-0.17.1 ./racks/
diff -dur /root/RackTables-0.17.1/inc/init.php ./racks/inc/init.php
--- /root/RackTables-0.17.1/inc/init.php        2009-06-01
11:22:20.000000000 -0400
+++ ./racks/inc/init.php        2009-06-09 05:02:14.000000000 -0400
@@ -32,7 +32,7 @@
 // Always have default values for these options, so if a user didn't
 // care to set, something would be working anyway.
 $user_auth_src = 'database';
-$require_local_account = TRUE;
+$require_local_account = FALSE;

 if (file_exists ('inc/secret.php'))
        require_once 'inc/secret.php';
diff -dur /root/RackTables-0.17.1/inc/interface.php
./racks/inc/interface.php
--- /root/RackTables-0.17.1/inc/interface.php   2009-06-03
12:43:29.000000000 -0400
+++ ./racks/inc/interface.php   2009-06-09 05:32:44.000000000 -0400
@@ -467,11 +467,12 @@
                showError ("Parameter '${argname}' is not a string
(calling function is [${caller}]).", __FUNCTION__);
                die();
        }
-       if (!$ok_if_empty and !strlen ($_REQUEST[$argname]))
-       {
-               showError ("Parameter '${argname}' is an empty string
(calling function is [${caller}]).", __FUNCTION__);
-               die();
-       }
+/*     if (!$ok_if_empty and !strlen ($_REQUEST[$argname]))
+ *     {
+ *             showError ("Parameter '${argname}' is an empty string
(calling function is [${caller}]).", __FUNCTION__);
+ *             die();
+ *     }
+*/
 }

 function assertBoolArg ($argname, $caller = 'N/A', $ok_if_empty = FALSE)
Only in ./racks/inc: secret.php
Only in /root/RackTables-0.17.1/inc: secret-sample.php
diff -dur /root/RackTables-0.17.1/index.php ./racks/index.php
--- /root/RackTables-0.17.1/index.php   2009-05-08 13:06:03.000000000 -0400
+++ ./racks/index.php   2009-06-09 05:06:27.000000000 -0400
@@ -3,11 +3,12 @@
 require 'inc/init.php';
 // no ctx override is necessary
 fixContext();
-if (!permitted())
-{
-       renderAccessDenied();
-       die;
-}
+/* if (!permitted())
+ *{
+ *     renderAccessDenied();
+ *     die;
+ *}
+ */
 // Only store the tab name after clearance is got. Any failure is
unhandleable.
 $_SESSION['RTLT'][$pageno] = $tabno;

Only in /root/RackTables-0.17.1: install
Only in /root/RackTables-0.17.1: install.php
Only in ./racks/: phpinfo.php
[root@waffles html]#
================================================================


Denis Ovsienko wrote:
>> I'm having trouble with the httpd method of auth. I have LDAP auth setup
>> properly in apache because I can auth through to other resources just
>> fine. Racktables is giving me an "access denied" page after LDAP succeeds.
>>     
>
> There is a table in this message, what is displayed there? Are there
> any PHP warnings in the logfile?
>
>
>   

-- 

-Jason

Follow-Ups:

[racktables-users] Re: httpd authentication
From: Denis Ovsienko

References:
- [racktables-users] httpd authentication
  - From: Jason Hamilton
- [racktables-users] Re: httpd authentication
  - From: Denis Ovsienko

[racktables-users] Re: httpd authentication

Other related posts: