** Description changed: Binary package hint: libapache2-mod-auth-mysql As of Mon Oct 8 17:08:24 EEST 2007, there is no working solution to authenticate with mysql from apache. This is a serious problem that might hinder migration to gutsy in many sites. I have to file this bug against two packages as there are two possible solutions for mysql authentication, *neither of which work*: 1 [RECOMMENDED by Apache Foundation] mod_authn_dbd - (http://httpd.apache.org/docs/2.2/mod/mod_authn_dbd.html) -- libapr1 doesn't contain a mysql driver, being entirely unusable (see detailed report at the other bug report referenced below) + (http://httpd.apache.org/docs/2.2/mod/mod_authn_dbd.html) -- libapr1 doesn't contain a mysql driver, being entirely unusable (see detailed report at bug #150651) 2 [DEPRECATED] libapache2-mod-auth-mysql - doesn't honour the AuthBasicAuthoritative Off directive and doesn't work. + doesn't honour the AuthBasicAuthoritative Off directive and doesn't work. Details follow Versions: ------------- Updated Gutsy beta release. apache2-mpm-prefork 2.2.4-3build1 libapache2-mod-auth-mysql 4.3.9-4 Setup: ------------- a2enmod auth_mysql virtual host conf: <Location /mysqlauth> AuthName "mysql-auth test" AuthType Basic AuthBasicAuthoritative Off AuthMySQL On AuthMySQL_Authoritative On AuthMySQL_DB apache_auth_test AuthMySQL_User authtestuser AuthMySQL_Password authtestpassword AuthMySQL_Password_Table auth AuthMySQL_Username_Field username AuthMySQL_Password_Field passwd Auth_MySQL_Encryption_Types MySQL # AuthUserFile /dev/null or /var/www/empty -- enabling this results in stack smashing Require valid-user </Location> db setup: DROP database IF EXISTS apache_auth_test; create database apache_auth_test; use apache_auth_test; create table auth ( username char(25) not null, passwd char(25), primary key (username) ); insert into auth values ('somebody', PASSWORD('random')); grant all privileges on apache_auth_test.* to [EMAIL PROTECTED] identified by 'authtestpassword'; Result: ------------- 1. Without AuthUserFile directive: [Mon Oct 08 20:58:18 2007] [error] Internal error: pcfg_openfile() called with NULL filename [Mon Oct 08 20:58:18 2007] [error] [client 213.35.160.166] (9)Bad file descriptor: Could not open password file: (null) *** stack smashing detected ***: /usr/sbin/apache2 terminated [Mon Oct 08 20:58:18 2007] [notice] child pid 4834 exit signal Aborted (6) 2. With either AuthUserFile directive that points to a empty file (e.g. /dev/null) or AuthUserFile directive that points to a htpasswd file that does not contain the user name (e.g. trying with foo, but htapsswd file contains only bar): *** stack smashing detected ***: /usr/sbin/apache2 terminated [Mon Oct 08 16:57:05 2007] [notice] child pid 4250 exit signal Aborted (6) 3. With AuthUserFile directive that points to a htpasswd file that contains the user name (e.g. trying with foo and htpasswd file contains foo): authentication succeeds, but database authentication is ignored Conclusion: ------------- 1. AuthBasicAuthoritative Off is not honoured, 2. 'stack smashing detected' looks like a serious bug in libapache2-mod-auth-mysql.
** Tags added: gutsy -- gutsy does not have a working apache+mysql authentication solution https://bugs.launchpad.net/bugs/150649 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
