[users at bb.net] How do you pass through authentication from Apache?
chrisspen at gmail.com
Wed Feb 15 17:29:27 UTC 2017
I'm still confused. You said if I used RemoteUserAuth, Buildbot won't show
a login form, but it is. Even if Apache isn't correctly passing through the
username, should that not be happening? Does Buildbot render a login form
for anonymous users, regardless of the auth method?
On Wed, Feb 15, 2017 at 12:01 PM, Pierre Tardy <tardyp at gmail.com> wrote:
> From what I see, the buildbot config looks good.
> I guess the issue you have is more about how to configure apache to
> enforce authentication of a proxy
> Perhaps you can get more help in an apache forum.
> Le mer. 15 févr. 2017 à 17:55, Chris Spencer <chrisspen at gmail.com> a
> écrit :
>> The example Apache config doesn't include basic auth. I'm unfamiliar with
>> using websockets and basic auth together. How would I do that? Would I add
>> the auth settings to the <Location /ws> section or a separate <Location />
>> On Wed, Feb 15, 2017 at 11:09 AM, Pierre Tardy <tardyp at gmail.com> wrote:
>> The goal of RemoteUserAuth is to disable completely the login UI of
>> buildbot, and let apache handle the authentication alone.
>> Buildbot will get a header from Apache telling it which user is actually
>> logged in.
>> If you configured your apache correctly, you should never achive to get
>> the buildbot UI unless you get a browser-based login prompt.
>> Require valid-user is if I understand correctly what is
>> need to implement such thing
>> Also, please note that apache requires a specific configuration to allow
>> websocket to work correctly
>> Le mer. 15 févr. 2017 à 17:02, Chris Spencer <chrisspen at gmail.com> a
>> écrit :
>> I'm not sure I understand. Anonymous users can definitely still see the
>> site from Apache in 0.9.*. I'm looking at my Buildbot server right now as
>> an anonymous user. It seems to hide a lot of details for anonymous users,
>> but it's still rendering the basic site, listing builders and recent
>> builds. By "show no output" I mean it should only render a login page and
>> nothing else if the user is not authenticated.
>> I tried the util.RemoteUserAuth but it doesn't seem to do anything.
>> Buildbot still requires I login via the on-screen user login dropdown, and
>> ignores the basic Http login I give to Apache.
>> Oddly, it also seems to ignore util.HTPasswdAuth(). If I enter a
>> username/password that I added to my htpasswd file into Buildbot's login
>> form, Buildbot still won't let me login through its web interface. Is there
>> some trick to getting an htpasswd file to work with Buildbot? There are no
>> errors reported in the twistd.log.
>> This is my Apache config:
>> <VirtualHost *:80>
>> ProxyPass / http://127.0.0.1:8010/
>> <Location />
>> AuthType Basic
>> AuthName "Buildbot"
>> AuthUserFile /usr/local/myproject/src/buildbot/htpasswd
>> Require valid-user
>> On Wed, Feb 15, 2017 at 3:50 AM, Pierre Tardy <tardyp at gmail.com> wrote:
>> Hi Chris,
>> What you are looking for is theRemoteUserAuth plugin
>> There is no more support for combination useHttpHeader + HTPasswdAprAuth,
>> which allowed apache authentication + anonymous access.
>> I am not sure exactly if this is what you mean by "show no output to an
>> anonymous user"
>> Le mer. 15 févr. 2017 à 07:21, Chris Spencer <chrisspen at gmail.com> a
>> écrit :
>> In 0.8.*, I was using http authentication in Apache to collect the
>> username/password and pass that through to Buildbot. I was doing that with:
>> However, in 0.9.*, there doesn't appear to be a HTPasswdAprAuth class or
>> a useHttpHeader option. Is there still a way to setup this type of
>> My goal is to show no output to an anonymous user.
>> users mailing list
>> users at buildbot.net
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the users