Solved: pubcookie access to file failed, reason: verification of user id '<null>' not configured

You've spent hours getting your encryption keys in order. You've successfully got a granting key and a crypt key from your pubcookie server. Your Apache ssl.conf is finely honed and your external SSL tests are flawless.

Yet your users can't log in. They're not being redirected to the central login server. Instead, they see messages like

Authorization Required
This server could not verify that you are authorized to access the document requested. Either you supplied the wrong credentials (e.g., bad password), or your browser doesn't understand how to supply the credentials required.

And in your ssl_access.log you're just seeing 401 after 401.

In your ssl_error.log you see

access to [file] failed, reason: verification of user id '<null>' not configured

You can curse. You can jump up and down. You can throw things on the floor. But what's really going to help you is this tidbit of knowledge:

Something is overriding your PubcookieAuthTypeNames directive.

What is happening is that when your .htaccess file is read, the AuthType directive there doesn't match anything in your mod_pubcookie.conf file because your directive got overridden by another line somewhere, probably something like

PubcookieAuthTypeNames WebISO

Fix that error, restart Apache, and go have a nice lie-down somewhere.


Solution to Invalid command 'PubcookieAppID'

When setting up Pubcookie, you may encounter an "Internal Server Error" in your browser and the following error in /var/log/httpd/ssl_error_log (or wherever you're keeping your SSL error log):

[alert] [client] /var/www/html/foo/bar/baz/.htaccess: Invalid command 'PubcookieAppID', perhaps misspelled or defined by a module not included in the server configuration

This might be a headscratcher for a while, since you've probably been working hard to make sure that your Pubcookie configuration is nice and tidy and your .htaccess file is set up with PubcookieAppID, like this:

AuthType NetID
PubcookieAppID fribble
require valid-user

In fact, Apache is telling you exactly what you need to know: it can't make sense of the PubcookieAppID directive because the module that interprets that directive is not loading and thus is "not included in the server configuration."

To solve this, make sure that a line like this is actually somewhere in your configuration, normally somewhere like /etc/httpd/conf.d/pubcookie.conf:

LoadModule pubcookie_module modules/

In my case, I had commented it out while getting SSL to work. Duh.

Compiling and Installing Pubcookie on 64-bit RHEL6

Before attempting compilation, make sure you have the following prerequisites installed (and Apache of course):

yum install gcc mod_ssl openssl-devel httpd-devel

Then you're ready:

curl -O
tar xzvf pubcookie-3.3.4a.tar.gz
cd pubcookie-3.3.4a
make top_builddir=/usr/lib64/httpd top_srcdir=/usr/lib64/httpd

Then with sudo or as root:

make top_builddir=/usr/lib64/httpd top_srcdir=/usr/lib64/httpd install

You'll need to tell Apache to load pubcookie. In /etc/httpd/conf/httpd.conf or /etc/httpd/conf.d/pubcookie.conf:

LoadModule pubcookie_module modules/

Reference: ...Red Hat felt the need to mess with the Apache2 build environment

Pubcookie for Drupal 4.7

I've just committed a version of the pubcookie module that's compatible with Drupal 4.7. I also added a bit to the README to explain how the pubcookie module works:

When you click on the Log In link provided by the pubcookie block, it takes you to the directory you specified for "Login directory" under admin > settings > pubcookie (by default, 'login'). The pubcookie module takes this path, adds "pc" (an arbitrary string) to the end of it and -- and here's the key -- registers it as a menu item in the menu hook. So now is not a nonexistent file but a registered Drupal path that is "located" inside a directory that's protected by a .htaccess file restricting the contents to pubcookie-server-authenticated users. So when you reach that path, the pubcookie module receives a call to pubcookie_page() and goes from there.


Subscribe to RSS - Pubcookie