[ZBX-9427] HTTP auth not working Created: 2015 Mar 24 Updated: 2018 May 10 |
|
Status: | Open |
Project: | ZABBIX BUGS AND ISSUES |
Component/s: | Frontend (F) |
Affects Version/s: | 2.4.4 |
Fix Version/s: | None |
Type: | Incident report | Priority: | Trivial |
Reporter: | Michael Johnson | Assignee: | Unassigned |
Resolution: | Unresolved | Votes: | 0 |
Labels: | apache, authentication, http | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
This appears to be directly related to I am running zabbix 2.4.4 on ubuntu 14.10 under apache 2.4.10 and mod_php 5.5.12. For authentication I am using mod_auth_pubtkt 0.8. I cannot get the HTTP authentication to work. I am logging in with a user that also exists in the zabbix DB. Looking at index.php I see this: if ($config['authentication_type'] == ZBX_AUTH_HTTP) { if (!empty($_SERVER['PHP_AUTH_USER'])) { $_REQUEST['enter'] = _('Sign in'); $_REQUEST['name'] = $_SERVER['PHP_AUTH_USER']; } else { access_deny(ACCESS_DENY_PAGE); } } mod_auth_pubtkt does set REMOTE_USER, but this does not cause the PHP_AUTH_USER variable to be set which would explain why this is not working. It seems that utilizing REMOTE_USER would be the better option. In fact, on my install, I simply replaces PHP_AUTH_USER with REMOTE_USER in index.php and include/classes/api/services/CUser.php (5 instances total) and now it is working fine. Perhaps on other systems REMOTE_USER would not be set, but I think it is pretty much the standard for HTTP basic auth, so it seems like this would be a resonable change. However, for the sake of makeing sure you don't break something else, you might simply check and if PHP_AUTH_USER is not set, set it to the value of REMOTE_USER. That would be a one line change and should prevent any breakage. |
Comments |
Comment by Michael Johnson [ 2015 Mar 24 ] |
I noticed I have a few "typos" in the report.
Sorry if that causes any confusion. asaveljevs Fixed. |
Comment by Oleksii Zagorskyi [ 2015 Apr 01 ] |
An example in |
Comment by Oleksii Zagorskyi [ 2015 Apr 16 ] |
Usage of REQUEST_USER suggested also in ZBX-3779 |