[mpm-itk] problem with authentication (AuthType Basic...)

Alex Domoradov alex.hha at gmail.com
Fri Mar 29 07:54:36 CET 2013


> but I need a way out, a workaround, to allow my users to use authentication...

1 virtual host = 1 web site = 1 user ?

On Thu, Mar 28, 2013 at 6:13 PM, Patrick Proniewski <patpro at patpro.net> wrote:
> Hello,
>
> I've just deployed apache 2.2 with mpm-itk in production (~35 vhosts, 250 web sites) and discovered a serious issue.
> As you can read, I've got more web sites than vhosts, so basically, for some vhosts I have many web sites:
>
> <vhost number 1>
>         # global directives
>         ...
>         # default user:group
>         AssignUserID www www
>
>         <directory #1>
>                 # local user:group
>                 AssignUserID user1 www
>         </directory>
>         <directory #2>
>                 # local user:group
>                 AssignUserID user2 www
>         </directory>
>         # and so on
>         ...
>
> Works great, until some user tries to use authentication (.htaccess for example). Something quite simlpe like this will fail:
>
>         AuthType Basic
>         AuthName "foo bar"
>         AuthUserFile /tmp/patpro.passwd
>         AuthGroupFile /tmp/patpro.group
>         Require group admin
>
> The symptom is quite clear:
>
> [warn] Couldn't set uid/gid/priority, closing connection.
> [warn] (itkmpm: pid=82842 uid=1002, gid=80) itk_post_perdir_config(): initgroups(www, 80): Operation not permitted
>
> When I GET a web page into http://vhost #1/directory #1/ httpd process takes UID user1 and GID www (80), then the process tries to trigger authentication. This authentication process seems to relate to vhost #1, so httpd process tries to switch to UID www, and fails.
> I understand it's perfectly "legal", but I need a way out, a workaround, to allow my users to use authentication...
>
> Any idea?
>
> regards,
> Patrick
> _______________________________________________
> mpm-itk mailing list
> mpm-itk at err.no
> http://lists.err.no/mailman/listinfo/mpm-itk



More information about the mpm-itk mailing list