Description of problem:

Using non-Basic auth makes mod_python.publisher always fail with a '400 Bad Request' error code. E.g.

| SetHandler mod_python
| PythonHandler mod_python.publisher
| AuthType Kerberos

will create headers like

| Authorization: Negotiate YIIE+gYJKoZIhvc...

publisher.py checks unconditionally (e.g. also when the module does not do its own authentication but uses the default Apache one) for base64 text at positions [6:] in this header (which obviously works for the 'Basic' auth type only):

| def process_auth(req, object, realm="unknown", user=None, passwd=None):
|     ...
|     if not user and req.headers_in.has_key("Authorization"):
|         try:
|             s = req.headers_in["Authorization"][6:]
|             s = base64.decodestring(s)
|             user, passwd = s.split(":", 1)
|         except:
|             raise apache.SERVER_RETURN, apache.HTTP_BAD_REQUEST

mod_python-3.3.1 from Fedora 8 is not affected, as it executes this check only when the called handler has its own __auth*__ mechanism.

Version-Release number of selected component (if applicable):
mod_python-3.2.8-3.1
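The failure described in the report above, reproduced next to a scheme-aware parse, as an added example that is not mod_python code and not the patch attached to this bug. It is written for Python 3; the names naive_credentials, parse_basic_credentials and MalformedBasicAuth are hypothetical and the header values are constructed.

```python
import base64
import binascii


class MalformedBasicAuth(ValueError):
    """A Basic header that cannot be decoded; a handler would answer 400."""


def naive_credentials(header):
    # Mirrors the quoted process_auth() logic: skip six characters and
    # base64-decode the rest, whatever the scheme is.
    raw = base64.b64decode(header[6:], validate=True)
    user, passwd = raw.decode("latin-1").split(":", 1)
    return user, passwd


def parse_basic_credentials(header):
    """Return (user, passwd) for Basic, None for any other scheme."""
    scheme, _, param = header.strip().partition(" ")
    if scheme.lower() != "basic":
        # Negotiate, Digest, Bearer ...: not ours to decode; left to the
        # server's own auth module (e.g. AuthType Kerberos).
        return None
    try:
        raw = base64.b64decode(param.strip(), validate=True)
    except (binascii.Error, ValueError) as exc:
        raise MalformedBasicAuth("invalid base64 in Basic credentials") from exc
    user, sep, passwd = raw.decode("latin-1").partition(":")
    if not sep:
        raise MalformedBasicAuth("missing ':' separator")
    return user, passwd


# Constructed sample headers (the Negotiate token is a made-up placeholder).
BASIC = "Basic " + base64.b64encode(b"alice:s3cret:x").decode("ascii")
NEGOTIATE = "Negotiate YIIConstructedPlaceholderToken=="


def naive_fails_on(header):
    """True when the naive parse raises, i.e. the request would get a 400."""
    try:
        naive_credentials(header)
    except Exception:
        return True
    return False
```

Returning None for a non-Basic scheme keeps "not my scheme" separate from "malformed Basic credentials", so only the latter maps to 400 Bad Request.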
This bug affects Koji's web interface if Kerberos authentication is used. I currently have to work around this by patching my mod_python. Will attach the patch.
Created attachment 324094: patch to keep mod_python from blowing up with non-basic auth
Thanks, Mike.
This request was evaluated by Red Hat Product Management for inclusion, but this component is not scheduled to be updated in the current Red Hat Enterprise Linux release. If you would like this request to be reviewed for the next minor release, ask your support representative to set the next rhel-x.y flag to "?".
The most relevant upstream bug for this is http://issues.apache.org/jira/browse/MODPYTHON-47
If this doesn't get into RHEL 5, see https://bugzilla.redhat.com/show_bug.cgi?id=682319 for a hacky workaround in Kojiweb.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHBA-2012-1113.html