Comments on: How to Proxy Pass REMOTE_USER: write your own apache module http://www.jaddog.org/2010/03/22/how-to-proxy-pass-remote_user/ Just Another Day Depending On Grace Fri, 18 Feb 2011 09:49:30 +0000 hourly 1 http://wordpress.org/?v=3.3.1 By: lduivenbode http://www.jaddog.org/2010/03/22/how-to-proxy-pass-remote_user/comment-page-1/#comment-27 lduivenbode Fri, 18 Feb 2011 09:49:30 +0000 http://www.jaddog.org/?p=274#comment-27 Ah, I forgot about Wordpress stripping out tags - here's the config again: <Directory /var/www/seqta/demo/ta/> # AUTH START AuthName "Kerberos Login" AuthType Kerberos KrbServiceName HTTP Krb5Keytab /etc/apache2/master.keytab KrbAuthRealm SEQTA-TEST.LOCAL KrbMethodNegotiate on KrbMethodk5Passwd on KrbSaveCredentials on require valid-user Options +FollowSymLinks +Includes XBitHack on </Directory> <Location /seqta> ProxyPass http://localhost:8080/demo/seqta ProxyPassReverse / ProxyPassReverseCookiePath /demo/seqta / Allow from all </Location> Ah, I forgot about WordPress stripping out tags – here’s the config again:

<Directory /var/www/seqta/demo/ta/>
# AUTH START
AuthName “Kerberos Login”
AuthType Kerberos
KrbServiceName HTTP
Krb5Keytab /etc/apache2/master.keytab
KrbAuthRealm SEQTA-TEST.LOCAL
KrbMethodNegotiate on
KrbMethodk5Passwd on
KrbSaveCredentials on
require valid-user

Options +FollowSymLinks +Includes
XBitHack on
</Directory>

<Location /seqta>
ProxyPass http://localhost:8080/demo/seqta
ProxyPassReverse /
ProxyPassReverseCookiePath /demo/seqta /
Allow from all
</Location>

]]> By: lduivenbode http://www.jaddog.org/2010/03/22/how-to-proxy-pass-remote_user/comment-page-1/#comment-26 lduivenbode Fri, 18 Feb 2011 09:47:19 +0000 http://www.jaddog.org/?p=274#comment-26 I'm just wonder what version of Apache, mod_auth_kerb, and OS people were using? I've been struggling to get a similar situation working for a directive but everytime I see the module loading for a proxied URL the request->user field is NULL! A snippet of the config is below, and I've taken the code from "threebit" and made the above changes. I thought that perhaps things had changed, but from what I can see the "fixup" hook is still correct (mod_proxy_http is in the handler phase, and mod_auth_kerb is still in the auth/security phase). Any suggestions would be welcome! #-- SNIP -- # AUTH START AuthName "Kerberos Login" AuthType Kerberos KrbServiceName HTTP Krb5Keytab /etc/apache2/master.keytab KrbAuthRealm TEST.LOCAL KrbMethodNegotiate on KrbMethodk5Passwd on KrbSaveCredentials on require valid-user Options +FollowSymLinks +Includes XBitHack on ProxyRequests off ProxyPass http://localhost:8080/test ProxyPassReverse / ProxyPassReverseCookiePath /test / Allow from all #-- SNIP -- I’m just wonder what version of Apache, mod_auth_kerb, and OS people were using?

I’ve been struggling to get a similar situation working for a directive but everytime I see the module loading for a proxied URL the request->user field is NULL! A snippet of the config is below, and I’ve taken the code from “threebit” and made the above changes.

I thought that perhaps things had changed, but from what I can see the “fixup” hook is still correct (mod_proxy_http is in the handler phase, and mod_auth_kerb is still in the auth/security phase). Any suggestions would be welcome!

#– SNIP –

# AUTH START
AuthName “Kerberos Login”
AuthType Kerberos
KrbServiceName HTTP
Krb5Keytab /etc/apache2/master.keytab
KrbAuthRealm TEST.LOCAL
KrbMethodNegotiate on
KrbMethodk5Passwd on
KrbSaveCredentials on
require valid-user

Options +FollowSymLinks +Includes
XBitHack on

ProxyRequests off

ProxyPass http://localhost:8080/test
ProxyPassReverse /
ProxyPassReverseCookiePath /test /
Allow from all

#– SNIP –

]]> By: mxs http://www.jaddog.org/2010/03/22/how-to-proxy-pass-remote_user/comment-page-1/#comment-23 mxs Tue, 13 Jul 2010 14:08:56 +0000 http://www.jaddog.org/?p=274#comment-23 Yes, it's working as expected, more, it has allowed me to play a bit with apache's API, and to learn a little bit more about Apache's internals, many thanks for this. Yes, it’s working as expected, more, it has allowed me to play a bit with apache’s API, and to learn a little bit more about Apache’s internals, many thanks for this.

]]> By: mxs http://www.jaddog.org/2010/03/22/how-to-proxy-pass-remote_user/comment-page-1/#comment-21 mxs Tue, 13 Jul 2010 07:32:31 +0000 http://www.jaddog.org/?p=274#comment-21 The module can be found here : http://github.com/aimxhaisse/mod-proxy-add-user . I haven't used the "Fixup" hook because the module I was using is setting the REMOTE_USER *after* the fixup phase, during the handler. Therefore the module is ugly and depends on the order on which modules are loaded, this is the only solution I see for my problem. Once again, many thanks for your article. The module can be found here : http://github.com/aimxhaisse/mod-proxy-add-user .

I haven’t used the “Fixup” hook because the module I was using is setting the REMOTE_USER *after* the fixup phase, during the handler. Therefore the module is ugly and depends on the order on which modules are loaded, this is the only solution I see for my problem. Once again, many thanks for your article.

]]> By: mxs http://www.jaddog.org/2010/03/22/how-to-proxy-pass-remote_user/comment-page-1/#comment-20 mxs Mon, 12 Jul 2010 09:13:08 +0000 http://www.jaddog.org/?p=274#comment-20 Hi, Many thanks for this article, I'm facing the same problematics with mod-auth-openid (an openid authentication module for apache), and I think I'm going to write a little module for it :) Hi,

Many thanks for this article, I’m facing the same problematics with mod-auth-openid (an openid authentication module for apache), and I think I’m going to write a little module for it :)

]]> By: as http://www.jaddog.org/2010/03/22/how-to-proxy-pass-remote_user/comment-page-1/#comment-14 as Mon, 22 Mar 2010 22:05:38 +0000 http://www.jaddog.org/?p=274#comment-14 greatest blog post ever :-) greatest blog post ever :-)

]]>