Support for authentication with an apache-style htpasswd-file




4 years ago
4 years ago


(Reporter: aba+bugzilla, Unassigned)




(1 attachment)



4 years ago
Created attachment 8479041 [details]

User Agent: Mozilla/5.0 (X11; Linux i686; rv:24.0) Gecko/20140611 Firefox/24.0 Iceweasel/24.6.0 (Nightly/Aurora)
Build ID: 20140611050012

Steps to reproduce:

Currently Bugzilla cannot use an apache-style htpasswd-file as authentication source. The attached works for me (but is probably not appropriate for inclusion as the file name is hardcoded).

Expected results:

Please indicate whether a patch of that kind might be acceptable, and what (in addition to the password file selection) needs to be adjusted for inclusion.


4 years ago
Attachment #8479041 - Flags: review?(dkl)
Comment on attachment 8479041 [details]

supporting more authentication mechanisms isn't something that we're keen to take on in the bugzilla core currently.

instead this mechanism would be better suited to an extension.

see for information about how to package this as an extension, which would allow it to run on any recent bugzilla version.
Attachment #8479041 - Attachment mime type: text/x-perl → text/plain
Attachment #8479041 - Flags: review?(dkl) → review-
Assignee: user-accounts → extension.ideas
Component: User Accounts → Extension Ideas
you may want to look at as an example of an extension which adds a new authentication method.

- contains new modules (in your case Apache::Htpasswd)
- grep the code for "browserid_verify_url" to see where we're adding an admin parameter; you'd want to
  set the path to your htpasswd file using a similar mechanism
And of course worth mentioning that this will also suffer from the same limitations as the Persona extension such as:

* Unable to create account without manual intervention of an admin
* Unable to change your password through the preferences UI
* Unable to change your email address through the preferences UI
* Possibility of a user creating a bugzilla account through the UI, but then
using a different login with htpasswd and the two are not synced.


Comment 4

4 years ago
Bugzilla already supports htpasswd for years. You have to set user_info_class = Env and configure your .htaccess file to point to your htpasswd file.
Last Resolved: 4 years ago
Resolution: --- → WORKSFORME
You need to log in before you can comment on or make changes to this bug.