My company is currently trying implement a new Perl FastCGI based login script to work with Apache 2.4's mod_fcgid module. Our old one relied on mod_perl to do the bridge between Apache's basic authentication and Perl, but mod_perl is no longer available in RHEL 8.
After a ton of research over the past 2 weeks, I have been unable to get it to work. I confess my Apache knowledge is quite limited, I'm a programmer and I basically taught myself what I know, so I'm sorry in advance if it's something trivial.
Below is my virtual server configuration, based on mod_fcgid documentation:
<VirtualHost *:80>
ServerAdmin suporte@ourserver.com
DocumentRoot "/var/www/"
ScriptAlias /cgi-bin/ "/var/www/cgi-bin/teste_fcgi_autenticador/"
ServerName teste_autenticacao.ourserver.com
<Directory /var/www/cgi-bin/teste_fcgi_autenticador>
Options +ExecCGI +FollowSymLinks
AllowOverride AuthConfig
AddHandler fcgid-script .cgi .pl
AuthType Basic
AuthName "Simple_login"
#AuthUserFile /var/www/cgi-bin/teste_fcgi_autenticador/.htpasswd
FcgidAuthenticator /usr/lib64/perl5/Autenticador/autenticador.pl
Require valid-user
</Directory>
ErrorLog /var/log/httpd/error_log
CustomLog /var/log/httpd/access_log combined
</VirtualHost>
Running the above without AuthType and AuthName does appear to work, as the error log shows:
mod_fcgid: authenticator requires basic HTTP auth credentials
No authentication done but request not allowed without authentication for /cgi-bin/teste.pl. Authentication not configured?
When I add those tags, the log complains that AuthUserFile is missing, implying it is expecting the .htpasswrd file instead of my script.
When I try to run this server config with AuthUserFile, it works like a charm, but validating the user/password from .htpasswrd file instead of my script.
I have also tried to add this configuration to fcgid.conf, as follows, using both the old and the new designation, with no success:
# This is the Apache server configuration file for providing FastCGI support
# through mod_fcgid
#
# Documentation is available at
# http://httpd.apache.org/mod_fcgid/mod/mod_fcgid.html
# Use FastCGI to process .fcg .fcgi & .fpl scripts
AddHandler fcgid-script fcg fcgi fpl
# Sane place to put sockets and shared memory file
FcgidIPCDir /run/mod_fcgid
FcgidProcessTableFile /run/mod_fcgid/fcgid_shm
# Function that handles authentication
#FastCgiAuthenticator /usr/lib64/perl5/Autenticador/autenticador.pl
FcgidAuthenticator /usr/lib64/perl5/Autenticador/autenticador.pl
Here is the Perl script autenticador.pl we are trying to run - example taken from mod_authnz_fcgi documentation (both the file and the folder it is in have full permissions):
#!/usr/bin/perl
use FCGI;
my $request = FCGI::Request();
while ($request->Accept() >= 0) {
die if $ENV{'FCGI_APACHE_ROLE'} ne "AUTHENTICATOR";
die if $ENV{'FCGI_ROLE'} ne "AUTHORIZER";
die if !$ENV{'REMOTE_PASSWD'};
die if !$ENV{'REMOTE_USER'};
print STDERR "This text is written to the web server error log.\n";
if ( ($ENV{'REMOTE_USER' } eq "foo" || $ENV{'REMOTE_USER'} eq "foo1") &&
$ENV{'REMOTE_PASSWD'} eq "bar" ) {
print "Status: 200\n";
print "Variable-AUTHN_1: authn_01\n";
print "Variable-AUTHN_2: authn_02\n";
print "\n";
}
else {
print "Status: 401\n\n";
}
}
Note: we are NOT using mod_authnz_fcgi, as it is not available in RHEL 8's Apache 2.4 build. We are currently only using the script - which does work as intended when called from the shell. If you know how to get this module installed and running, please let me know.
System configuration for reference:
Amazon AWS server running RHEL 8
Apache 2.4.37
Perl 5.26.3
Thanks in advance for any thoughts.
