[racktables-users] Re: httpd authentication
- From: Denis Ovsienko <pilot@xxxxxxxxxx>
- To: racktables-users@xxxxxxxxxxxxx
- Date: Tue, 16 Jun 2009 11:08:37 +0400
> You are quite correct. It is a short circuit. However, users are unable
> to login with your suggested settings unless both the local database
> user and ldap user have matching passwords. This, to me, quite defeats
> the purpose of having the user in ldap at all.
Hello.
There are two configuration tasks to get a working system:
1. Authentication setup. RackTables needs to know, that the presented
password really belongs to the user. When a user cannot authenticate,
he sees only username/password dialog popping up again and again. I
have checked on a 0.17.1 system, it really works with httpd. There is
no need for double-passwords except for "admin" user.
2. Authorization setup. The current user (which is already known to be
him, not someone else) is authorized for each action before the action
really happens. When he cannot be authenticated, he sees "access
denied" message. Your message most probably isn't empty, but it has:
Requested page: index
Requested tab: default
There is no autotag with the current user's name, and this is a bug.
This will not let you granting personal permissions to each user, but
in any way you can do that for pages and tabs:
allow {$tab_default}
(see other examples of RackCode at
https://racktables.org/trac/wiki/RackTablesAdminGuide)
If you want the access policy to depend on current username, you need
the following fix applied:
http://racktables.org/files/RackTables-0.17.1-httpdauth.patch
This will make {$username_SSSSSS} autotags get properly created (you
will see them in the "access denied" message).
Again, after a proper setup your system should work with no
modifications to source (except the patch above, perhaps). Normally all
user's changes are placed into inc/secret.php. Let me know, if this
helped.
Other related posts: