• Type: Incident report
    • Status: Open
    • Priority: Trivial
    • Resolution: Unresolved
    • Affects Version/s: 2.4.4
    • Fix Version/s: None
    • Component/s: Frontend (F)


      This appears to be directly related to ZBX-5513

      I am running zabbix 2.4.4 on ubuntu 14.10 under apache 2.4.10 and mod_php 5.5.12. For authentication I am using mod_auth_pubtkt 0.8.

      I cannot get the HTTP authentication to work. I am logging in with a user that also exists in the zabbix DB.

      Looking at index.php I see this:

      if ($config['authentication_type'] == ZBX_AUTH_HTTP) {
              if (!empty($_SERVER['PHP_AUTH_USER'])) {
                      $_REQUEST['enter'] = _('Sign in');
                      $_REQUEST['name'] = $_SERVER['PHP_AUTH_USER'];
              else {

      mod_auth_pubtkt does set REMOTE_USER, but this does not cause the PHP_AUTH_USER variable to be set which would explain why this is not working. It seems that utilizing REMOTE_USER would be the better option.

      In fact, on my install, I simply replaces PHP_AUTH_USER with REMOTE_USER in index.php and include/classes/api/services/CUser.php (5 instances total) and now it is working fine.

      Perhaps on other systems REMOTE_USER would not be set, but I think it is pretty much the standard for HTTP basic auth, so it seems like this would be a resonable change. However, for the sake of makeing sure you don't break something else, you might simply check and if PHP_AUTH_USER is not set, set it to the value of REMOTE_USER. That would be a one line change and should prevent any breakage.




            • Assignee:
              therevmj Michael Johnson
            • Votes:
              0 Vote for this issue
              3 Start watching this issue


              • Created: