[ZBX-5513] External HTTP Auth broken for non-password based authentication mechanisms Created: 2012 Aug 29 Updated: 2017 May 30 Resolved: 2012 Sep 05 |
|
Status: | Closed |
Project: | ZABBIX BUGS AND ISSUES |
Component/s: | Frontend (F) |
Affects Version/s: | 2.0.2 |
Fix Version/s: | 2.0.3rc1, 2.1.0 |
Type: | Incident report | Priority: | Major |
Reporter: | David McNett | Assignee: | Unassigned |
Resolution: | Fixed | Votes: | 0 |
Labels: | apache, authentication, frontend | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified | ||
Environment: |
Apache 2.2.22 and PHP 5.4.3 |
Issue Links: |
|
Description |
A recent change to breaks external HTTP authentication for any auth method which does not use passwords (mod_auth_tkt or mod_auth_pam for example). Even though the underlying authentication is successful, the user is given a "You are not logged in." error when attempting to view the frontend. This was reported in the forums by a user at http://www.zabbix.com/forum/showthread.php?t=28371 Commit r28716 (tomtom | 2012-07-06 06:08:24 +0000) changed this line in frontends/php/index.php
This would appear to require any Apache external authentication mechanism to have supplied both the authenticated username as well as an associated password. However many external authentication mechanisms do not involve passwords and therefore fail this test because there is no PHP_AUTH_PW populated. This commit was associated with If the additional check of requiring a non-empty is truly necessary to resolve |
Comments |
Comment by Oleksii Zagorskyi [ 2012 Sep 02 ] |
Also an issue where were significant changes (as I recall) in this meaning - And I thinks the |
Comment by Eduards Samersovs (Inactive) [ 2012 Sep 05 ] |
Fixed in development branch svn://svn.zabbix.com/branches/dev/ZBX-5513 |
Comment by Eduards Samersovs (Inactive) [ 2012 Sep 05 ] |
Fixed in versions pre-2.1.0 (beta) r30107, pre-2.0.3 r30106 |