[users at bb.net] How do you pass through authentication from Apache?

Chris Spencer chrisspen at gmail.com
Wed Feb 15 17:29:27 UTC 2017


I'm still confused. You said if I used RemoteUserAuth, Buildbot won't show
a login form, but it is. Even if Apache isn't correctly passing through the
username, should that not be happening? Does Buildbot render a login form
for anonymous users, regardless of the auth method?

On Wed, Feb 15, 2017 at 12:01 PM, Pierre Tardy <tardyp at gmail.com> wrote:

> From what I see, the buildbot config looks good.
>
> I guess the issue you have is more about how to configure apache to
> enforce authentication of a proxy
>
> Perhaps you can get more help in an apache forum.
>
> Pierre
>
> On Wed, Feb 15, 2017 at 17:55, Chris Spencer <chrisspen at gmail.com>
> wrote:
>
>> The example Apache config doesn't include basic auth. I'm unfamiliar with
>> using websockets and basic auth together. How would I do that? Would I add
>> the auth settings to the <Location /ws> section or a separate <Location />
>> section?
>>
>> On Wed, Feb 15, 2017 at 11:09 AM, Pierre Tardy <tardyp at gmail.com> wrote:
>>
>> The goal of RemoteUserAuth is to disable completely the login UI of
>> buildbot, and let apache handle the authentication alone.
>>
>> Buildbot will get a header from Apache telling it which user is actually
>> logged in.
>>
>> If you configured your apache correctly, you should never be able to get
>> the buildbot UI unless you get a browser-based login prompt.
>> Require valid-user is, if I understand correctly, what is
>> needed to implement such a thing.
>>
>> Also, please note that apache requires a specific configuration to allow
>> websocket to work correctly
>> http://docs.buildbot.net/latest/manual/cfg-www.html#reverse-proxy-configuration
>>
>>
>>
>> On Wed, Feb 15, 2017 at 17:02, Chris Spencer <chrisspen at gmail.com>
>> wrote:
>>
>> I'm not sure I understand. Anonymous users can definitely still see the
>> site from Apache in 0.9.*. I'm looking at my Buildbot server right now as
>> an anonymous user. It seems to hide a lot of details for anonymous users,
>> but it's still rendering the basic site, listing builders and recent
>> builds. By "show no output" I mean it should only render a login page and
>> nothing else if the user is not authenticated.
>>
>> I tried the util.RemoteUserAuth but it doesn't seem to do anything.
>> Buildbot still requires I login via the on-screen user login dropdown, and
>> ignores the basic Http login I give to Apache.
>>
>> Oddly, it also seems to ignore util.HTPasswdAuth(). If I enter a
>> username/password that I added to my htpasswd file into Buildbot's login
>> form, Buildbot still won't let me login through its web interface. Is there
>> some trick to getting an htpasswd file to work with Buildbot? There are no
>> errors reported in the twistd.log.
>>
>> This is my Apache config:
>>
>>     <VirtualHost *:80>
>>
>>         ProxyPass / http://127.0.0.1:8010/
>>
>>         <Location />
>>             AuthType Basic
>>             AuthName "Buildbot"
>>             AuthUserFile /usr/local/myproject/src/buildbot/htpasswd
>>             Require valid-user
>>         </Location>
>>
>>     </VirtualHost>
>>
>>
>> On Wed, Feb 15, 2017 at 3:50 AM, Pierre Tardy <tardyp at gmail.com> wrote:
>>
>> Hi Chris,
>> What you are looking for is the RemoteUserAuth plugin
>> http://buildbot.readthedocs.io/en/latest/manual/cfg-www.html#buildbot.www.auth.RemoteUserAuth
>>
>> There is no more support for combination useHttpHeader + HTPasswdAprAuth,
>> which allowed apache authentication + anonymous access.
>> I am not sure exactly if this is what you mean by "show no output to an
>> anonymous user"
>>
>> Pierre
>>
>> On Wed, Feb 15, 2017 at 07:21, Chris Spencer <chrisspen at gmail.com>
>> wrote:
>>
>> In 0.8.*, I was using http authentication in Apache to collect the
>> username/password and pass that through to Buildbot. I was doing that with:
>>
>>     authz_cfg=authz.Authz(
>>         auth=auth.HTPasswdAprAuth('.htpasswd'),
>>         useHttpHeader=True,
>>         ...
>>     )
>>
>> However, in 0.9.*, there doesn't appear to be a HTPasswdAprAuth class or
>> a useHttpHeader option. Is there still a way to setup this type of
>> authentication?
>>
>> My goal is to show no output to an anonymous user.
>>
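The setup discussed in this thread, sketched as an added example (not taken from any message above or from the Buildbot project): the posted vhost extended with the WebSocket mapping and a forwarded identity header. It assumes Apache 2.4 with mod_proxy, mod_proxy_http, mod_proxy_wstunnel, mod_headers, mod_auth_basic and mod_authn_file; the port and htpasswd path come from the posted config, while the header name and the master.cfg lines in the trailing comments are assumptions based on RemoteUserAuth's documented `header` and `headerRegex` options.

```apache
# Added example (constructed). Port 8010 and the htpasswd path are the ones
# from the config posted in the thread; everything else is an assumption.
<VirtualHost *:80>
    # Basic auth sends the password unencrypted on plain HTTP; a TLS
    # virtual host is the safer place for this block.

    # The WebSocket mapping must come before the catch-all "/" mapping.
    ProxyPass        /ws ws://127.0.0.1:8010/ws
    ProxyPassReverse /ws ws://127.0.0.1:8010/ws
    ProxyPass        /   http://127.0.0.1:8010/
    ProxyPassReverse /   http://127.0.0.1:8010/

    # A single <Location /> also matches /ws, so the WebSocket upgrade
    # request is subject to the same "Require valid-user" rule as every
    # page and API call. No separate <Location /ws> auth block is needed.
    <Location />
        AuthType Basic
        AuthName "Buildbot"
        AuthUserFile /usr/local/myproject/src/buildbot/htpasswd
        Require valid-user

        # Apache does not forward the authenticated user name to the
        # proxied backend on its own. "set" also replaces any REMOTE_USER
        # header the client sent, so the value cannot be chosen by the
        # browser.
        RequestHeader set REMOTE_USER "expr=%{REMOTE_USER}"
    </Location>
</VirtualHost>

# Matching master.cfg lines (Python, shown as comments; assumptions):
#
#   # Listen on loopback only, so nobody can bypass Apache and send a
#   # forged REMOTE_USER header straight to port 8010.
#   c['www']['port'] = "tcp:8010:interface=127.0.0.1"
#
#   # The documented default headerRegex expects "user@realm". htpasswd
#   # user names normally have no realm, so match a bare user name.
#   c['www']['auth'] = util.RemoteUserAuth(
#       headerRegex=r"(?P<username>[^ @]+)")
```

If Buildbot still shows its own login form with a config like this, check that the master was restarted with the RemoteUserAuth setting and that requests really arrive through Apache rather than directly on port 8010.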