[users at bb.net] How do you pass through authentication from Apache?

Pierre Tardy tardyp at gmail.com
Wed Feb 15 16:09:49 UTC 2017

The goal of RemoteUserAuth is to disable completely the login UI of
buildbot, and let apache handle the authentication alone.

Buildbot will get a header from Apache telling it which user is actually
logged in.

If you configured your apache correctly, you should never achive to get the
buildbot UI unless you get a browser-based login prompt.
             Require valid-user  is if I understand correctly what is need
to implement such thing

Also, please note that apache requires a specific configuration to allow
websocket to work correctly

Le mer. 15 févr. 2017 à 17:02, Chris Spencer <chrisspen at gmail.com> a écrit :

> I'm not sure I understand. Anonymous users can definitely still see the
> site from Apache in 0.9.*. I'm looking at my Buildbot server right now as
> an anonymous user. It seems to hide a lot of details for anonymous users,
> but it's still rendering the basic site, listing builders and recent
> builds. By "show no output" I mean it should only render a login page and
> nothing else if the user is not authenticated.
> I tried the util.RemoteUserAuth but it doesn't seem to do anything.
> Buildbot still requires I login via the on-screen user login dropdown, and
> ignores the basic Http login I give to Apache.
> Oddly, it also seems to ignore util.HTPasswdAuth(). If I enter a
> username/password that I added to my htpasswd file into Buildbot's login
> form, Buildbot still won't let me login through its web interface. Is there
> some trick to getting an htpasswd file to work with Buildbot? There are no
> errors reported in the twistd.log.
> This is my Apache config:
>     <VirtualHost *:80>
>         ProxyPass /
>         <Location />
>             AuthType Basic
>             AuthName "Buildbot"
>             AuthUserFile /usr/local/myproject/src/buildbot/htpasswd
>             Require valid-user
>         </Location>
>     </VirtualHost>
> On Wed, Feb 15, 2017 at 3:50 AM, Pierre Tardy <tardyp at gmail.com> wrote:
> Hi Chris,
> What you are looking for is theRemoteUserAuth plugin
> http://buildbot.readthedocs.io/en/latest/manual/cfg-www.html#buildbot.www.auth.RemoteUserAuth
> There is no more support for combination useHttpHeader + HTPasswdAprAuth,
> which allowed apache authentication + anonymous access.
> I am not sure exactly if this is what you mean by "show no output to an
> anonymous user"
> Pierre
> Le mer. 15 févr. 2017 à 07:21, Chris Spencer <chrisspen at gmail.com> a
> écrit :
> In 0.8.*, I was using http authentication in Apache to collect the
> username/password and pass that through to Buildbot. I was doing that with:
>     authz_cfg=authz.Authz(
>         auth=auth.HTPasswdAprAuth('.htpasswd')),
>         useHttpHeader=True,
>         ...
>     )
> However, in 0.9.*, there doesn't appear to be a HTPasswdAprAuth class or a
> useHttpHeader option. Is there still a way to setup this type of
> authentication?
> My goal is to show no output to an anonymous user.
> _______________________________________________
> users mailing list
> users at buildbot.net
> https://lists.buildbot.net/mailman/listinfo/users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.buildbot.net/pipermail/users/attachments/20170215/fa0df96e/attachment.html>

More information about the users mailing list