12/18/12 Update: not all is peachy keen. Login and autocreate account works, but logout can be an issue. I need to clear the session cookie when someone logs out. Have not gotten around to coding that yet.
After a bit of fiddling around, I finally got ajaxplorer working with (ldap) kerberos5 as the backend authentication/access.
We are using ldap for the user directory and kerberos5 for passwords. It’s a little bit different than what I am used to.
Anyway, I needed to get ajaxplorer working on a large filer for users to be able to access — locally and remotely — essentially our private ‘dropbox’. But getting ajaxplorer working with kerberos was a bitch! At first, I tried using ldap, got that working…. except ldap does not have our password, that’s where kerberos comes in. I thought about writing my own plugin, but damn it, I don’t have time for this.
After lots of googling, experimenting, etc. I found mod_auth_pam, which uses pam for basic HTTP auth. And since we are already using pam_krb5 for logins on our boxes, it’s a perfect solution.
Here is the section in my bootstrap_plugins.php:
$PLUGINS = array(
    "CONF_DRIVER" => array(
        "NAME" => "serial",
        "OPTIONS" => array(
            "REPOSITORIES_FILEPATH" => "AJXP_DATA_PATH/plugins/conf.serial/repo.ser",
            "ROLES_FILEPATH" => "AJXP_DATA_PATH/plugins/auth.serial/roles.ser",
            "USERS_DIRPATH" => "AJXP_DATA_PATH/plugins/auth.serial",
            "FAST_CHECKS" => false,
            "CUSTOM_DATA" => array(
                "email" => "Email",
                "country" => "Country"
            )
        )
    ),
    "AUTH_DRIVER" => array(
        "NAME" => "basic_http",
        "OPTIONS" => array(
            "USERS_FILEPATH" => "AJXP_DATA_PATH/plugins/auth.pam/users.ser",
            "AUTOCREATE_AJXPUSER" => true,
            "TRANSMIT_CLEAR_PASS" => false
        )
    ),
    array(
        "NAME" => "serial",
        "OPTIONS" => array(
            "LOGIN_REDIRECT" => false,
            "USERS_FILEPATH" => "AJXP_DATA_PATH/plugins/auth.serial/users.ser",
            "AUTOCREATE_AJXPUSER" => false,
            "FAST_CHECKS" => false,
            "TRANSMIT_CLEAR_PASS" => false
        )
    ),
    "LOG_DRIVER" => array(
        "NAME" => "text",
        "OPTIONS" => array(
            "LOG_PATH" => (defined("AJXP_FORCE_LOGPATH")?AJXP_FORCE_LOGPATH:"AJXP_INSTALL_PATH/data/logs/"),
            "LOG_FILE_NAME" => 'log_' . date('m-d-y') . '.txt',
            "LOG_CHMOD" => 0770
        )
    )
);
And the section in my /etc/httpd/conf.d/ajaxplorer.conf file:
<Directory "/usr/share/ajaxplorer">
    Options FollowSymLinks
    AllowOverride Limit FileInfo
    Order allow,deny
    Allow from all
    AuthName "Ajaxplorer Access"
    AuthType Basic
    AuthPAM_Enabled on
    Require valid-user
    php_value error_reporting 2
</Directory>
The trick is these two lines for the “basic_http” auth_driver:
"USERS_FILEPATH" => "AJXP_DATA_PATH/plugins/auth.pam/users.ser",
"AUTOCREATE_AJXPUSER" => true,
That then allows my users to log in: the first time, they auth via mod_auth_pam, and ajaxplorer creates their account in “AJXP_DATA_PATH/plugins/auth.pam/users.ser”.
NOTE: I have to manually create the directory plugins/auth.pam and create an empty users.ser file.
But after that, everything works perfectly.
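The manual step from the note above, as an added shell example that is not part of the original post: it creates plugins/auth.pam and an empty users.ser without clobbering an existing store or following a symlink. The function name, the 0750/0640 modes and the optional owner argument are assumptions, not something the post specifies.

```shell
#!/bin/sh
# Added example: prepare the auth.pam user store that the post creates by hand.
# Assumptions (not from the post): the caller passes the AjaXplorer data path
# and, optionally, the web server account; modes 0750/0640 are a suggested baseline.

# init_auth_pam_store DATA_PATH [OWNER[:GROUP]]
init_auth_pam_store() {
    data_path=$1
    owner=${2:-}
    store_dir="$data_path/plugins/auth.pam"
    store_file="$store_dir/users.ser"

    [ -n "$data_path" ] && [ -d "$data_path" ] || {
        echo "data path '$data_path' is not a directory" >&2; return 1; }

    # Refuse symlinks so the store cannot be redirected outside the data path.
    if [ -L "$store_dir" ] || [ -L "$store_file" ]; then
        echo "refusing to use symlinked store under $store_dir" >&2; return 2
    fi

    # Never truncate a store that already holds auto-created accounts.
    if [ -s "$store_file" ]; then
        echo "$store_file already has content, leaving it alone" >&2; return 3
    fi

    (
        umask 077    # nothing is group- or world-readable, even briefly
        mkdir -p "$store_dir" && : > "$store_file"
    ) || return 4
    # Set the final modes explicitly so the result does not depend on the umask.
    chmod 750 "$store_dir" && chmod 640 "$store_file" || return 4

    # The web server must own the file to write auto-created users into it.
    if [ -n "$owner" ]; then
        chown "$owner" "$store_dir" "$store_file" || return 5
    fi
    return 0
}
```

Call it with the data directory and the account httpd runs as, for example `init_auth_pam_store /path/to/data apache`; both values are placeholders.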
Ordering of the mod_* modules is important in Apache. What version of ajaxplorer are you using? I was testing on 4.3.x.
Because of issues getting this to work and lack of time, I abandoned ajaxplorer and went with ourcloud.
Hi,
Followed your post with no success 🙁
After a successful basic HTTP authentication, I get forwarded to the regular login screen of Ajaxplorer.
What can be the reason?
Thanks,
James