Today I needed to password-protect a Redmine installation. I’ve typically used mod_auth_mysql for similar projects, but Redmine uses a salted password format that’s incompatible with mod_auth_mysql. So, I turned to Apache/Perl authentication, a first for me (I rarely touch Perl) and was able to make it work.
- Install mod_perl, and the DBI, MySQL, and Digest (SHA1) Perl modules.
$ apt-get install libapache-dbi-perl libapache2-mod-perl2 libdbd-mysql-perl libdigest-sha1-perl
- Copy Redmine.pm to the appropriate Perl location.
$ cd /path/to/redmine $ mkdir -p /usr/lib/perl5/Apache/Authn $ cp extra/svn/Redmine.pm /usr/lib/perl5/Apache/Authn/
- Perhaps I’m not using Redmine’s projects/members/permissions correctly, but I had to patch Redmine.pm to get it to work for me. I greatly simplified the SQL statement used to authenticate a user. There’s no sense of permissions; it’s simply a yes/no for authenticated users.
--- Redmine.pm 2011-11-12 17:33:10.000000000 -0700 +++ Redmine.richardkmiller.pm 2011-11-12 17:37:26.000000000 -0700 @@ -148,16 +148,11 @@ my ($self, $parms, $arg) = @_; $self->{RedmineDSN} = $arg; my $query = "SELECT - hashed_password, salt, auth_source_id, permissions - FROM members, projects, users, roles, member_roles + hashed_password, salt + FROM users WHERE - projects.id=members.project_id - AND member_roles.member_id=members.id - AND users.id=members.user_id - AND roles.id=member_roles.role_id - AND users.status=1 - AND login=? - AND identifier=? "; + users.status=1 + AND login=?"; $self->{RedmineQuery} = trim($query); } @@ -336,11 +331,12 @@ } my $query = $cfg->{RedmineQuery}; my $sth = $dbh->prepare($query); - $sth->execute($redmine_user, $project_id); + $sth->execute($redmine_user); my $ret; - while (my ($hashed_password, $salt, $auth_source_id, $permissions) = $sth->fetchrow_array) { - + while (my ($hashed_password, $salt) = $sth->fetchrow_array) { + my $permissions = ":commit_access"; + my $auth_source_id = 0; unless ($auth_source_id) { my $method = $r->method; my $salted_password = Digest::SHA1::sha1_hex($salt.$pass_digest); - Configure and restart Apache.
<virtualhost *:80> ServerName example.com DocumentRoot "/var/www/sites/example.com/public" RailsEnv production PerlLoadModule Apache::Authn::Redmine <directory "/var/www/sites/example.com/public"> AuthType basic AuthName "Private Area" Require valid-user PerlAccessHandler Apache::Authn::Redmine::access_handler PerlAuthenHandler Apache::Authn::Redmine::authen_handler RedmineDSN "DBI:mysql:database=my_database;host=localhost" RedmineDbUser my_db_user RedmineDbPass my_db_password </directory> </virtualhost>
By the way, I’m running Ubuntu 11.10 (oneiric), Apache 2.2, MySQL 5.1, and Redmine 1.2.2.