Ubuntu
apache2 package

shib2.load prevents webdav from reading .htpasswd file

Bug #1315029 reported by Bernie
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
apache2 (Ubuntu)
Expired
Undecided
Unassigned

Bug Description

When I configure webdav in apache2 it works fine. ie. login to the secure directory from a web browser

When I install the following.....
apt-get install -y libapache2-mod-shib2 shibboleth-sp2-schemas libshibsp-dev opensaml2-tools
and it has enabled shib2.load within --/etc/apache2/mods-enabled/-- directory, I can no longer log in to folder from a web browser.

Once the details have been inputted into the web browser login box and then click the OK button it just reloads the login box.

lsb_release -a
 No LSB modules are available.
 Distributor ID: Ubuntu
 Description: Ubuntu 14.04 LTS
 Release: 14.04
 Codename: trusty

apachectl -V
 Server version: Apache/2.4.7 (Ubuntu)
 Server built: Apr 3 2014 12:20:28
 Server's Module Magic Number: 20120211:27
 Server loaded: APR 1.5.1-dev, APR-UTIL 1.5.3
 Compiled using: APR 1.5.1-dev, APR-UTIL 1.5.3
 Architecture: 64-bit
 Server MPM: prefork
   threaded: no
     forked: yes (variable process count)
 Server compiled with....
  -D APR_HAS_SENDFILE
  -D APR_HAS_MMAP
  -D APR_HAVE_IPV6 (IPv4-mapped addresses enabled)
  -D APR_USE_SYSVSEM_SERIALIZE
  -D APR_USE_PTHREAD_SERIALIZE
  -D SINGLE_LISTEN_UNSERIALIZED_ACCEPT
  -D APR_HAS_OTHER_CHILD
  -D AP_HAVE_RELIABLE_PIPED_LOGS
  -D DYNAMIC_MODULE_LIMIT=256
  -D HTTPD_ROOT="/etc/apache2"
  -D SUEXEC_BIN="/usr/lib/apache2/suexec"
  -D DEFAULT_PIDLOG="/var/run/apache2.pid"
  -D DEFAULT_SCOREBOARD="logs/apache_runtime_status"
  -D DEFAULT_ERRORLOG="logs/error_log"
  -D AP_TYPES_CONFIG_FILE="mime.types"
  -D SERVER_CONFIG_FILE="apache2.conf"

as a note this setup worked fine in 12.04.

As an additional note - once shib2.load within --/etc/apache2/mods-enabled/-- directory is removed webdav functions correctly

Regards
Bernie

See original description
Bernie (bernie-q)
affects: launchpad → apache2 (Ubuntu)
Revision history for this message
Seth Arnold (seth-arnold) wrote : Bug is not a security issue

Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross privilege boundaries nor directly cause loss of data/privacy. Please feel free to report any other bugs you may find.

information type: Private Security → Public
Bernie (bernie-q)
description: updated
description: updated
Revision history for this message
Bernie (bernie-q) wrote :

Got it working...........

Server version: Apache/2.4.7 (Ubuntu)

WebDav syntax from previous version of apache2 works fine in the new version of apache2, But...

when loading shib2.load mod it ceases to work.......

Note... WebDav Syntax has completely changed in the new version of Apache/2.4.7

When implementing the correct syntax for WebDav the issue no longer exists.

Please use the following URL when implementing WebDav in 2.4.....

http://httpd.apache.org/docs/2.4/howto/auth.html

Regards
Bernie

PS This bug can be closed.

Revision history for this message
Christian Ehrhardt  (paelzer) wrote :

Thanks for letting us know what solved that for you, closing bug.

Changed in apache2 (Ubuntu):
status: New → Incomplete
Revision history for this message
Launchpad Janitor (janitor) wrote :

[Expired for apache2 (Ubuntu) because there has been no activity for 60 days.]

Changed in apache2 (Ubuntu):
status: Incomplete → Expired
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.