Skip to content

Latest commit

 

History

History
66 lines (41 loc) · 2.14 KB

README.apache-2.4.pod

File metadata and controls

66 lines (41 loc) · 2.14 KB

APACHE 2.4 PORTING NOTES

VERY IMPORTANT!!!

Apache 2.4 has a VERY different authentication API from previous versions. You will not be able to simply upgrade to Apache 2.4, and install an updated Apache2::AuthTicket module to migrate to 2.4. You will also need to update your configuration file because the way things are configured in Apache 2.4 is different. This has nothing to do with AuthTicket itself. It is due to the way Authentication and Authorization works inside apache.

This document attempts to help you understand what has changed and what changes are required.

If you have subclassed Apache2::AuthTicket then you will also need to port the code in your subclass over to the new Apache API as well.

Configuration Changes

  • Remove all PerlAuthzHandler entries.

    PerlAuthzHandler does not exist in Apache 2.4.

  • Add Require all granted to your LoginHandler and LoginScript handlers.

    You MUST have at least one Require directive under apache 2.4. If you do not have this, apache will produce the error:

    AuthType configured with no corresponding authorization directives error

    When trying to access these handlers. The solution is to use Require all granted.

  • Remove ${auth_name}Satisfy directives.

    Satisfy support is removed as it is no longer needed with Apache 2.4.

    You are expected to use RequireAll or RequireAny instead.

  • If you have any Require directives that require anything other than valid-user user ... all ..., then you will need to subclass Apache2::AuthTicket and write an Authz provider to handle this. This is not common.

    This would be configured with something like:

    PerlAddAuthzProvider species My::AuthTicket->authz_species

    This would call My::AuthTicket::authz_species() for any Require species kilingon type directives. Again, if you are just requring user or valid-user you do not need to do this. Apache supplies an authz provider that handles those for you.

    See the README.apache-2.4.pod in the Apache2::AuthCookie distribution for details on how to write an authz provider method.