APACHE 2.4 PORTING NOTES
VERY IMPORTANT!!!
Apache 2.4 has a VERY different authentication API from previous versions. You will not be able to simply upgrade to Apache 2.4, and install an updated Apache2::AuthTicket module to migrate to 2.4. You will also need to update your configuration file because the way things are configured in Apache 2.4 is different. This has nothing to do with AuthTicket itself. It is due to the way Authentication and Authorization works inside apache.
This document attempts to help you understand what has changed and what changes are required.
If you have subclassed Apache2::AuthTicket then you will also need to port the code in your subclass over to the new Apache API as well.
Configuration Changes
Remove all
PerlAuthzHandlerentries.PerlAuthzHandlerdoes not exist in Apache 2.4.Add
Require all grantedto yourLoginHandlerandLoginScripthandlers.You MUST have at least one
Requiredirective under apache 2.4. If you do not have this, apache will produce the error:AuthType configured with no corresponding authorization directives errorWhen trying to access these handlers. The solution is to use
Require all granted.Remove
${auth_name}Satisfydirectives.Satisfy support is removed as it is no longer needed with Apache 2.4.
You are expected to use
RequireAllorRequireAnyinstead.If you have any
Requiredirectives that require anything other thanvalid-useruser ...all ..., then you will need to subclassApache2::AuthTicketand write an Authz provider to handle this. This is not common.This would be configured with something like:
PerlAddAuthzProvider species My::AuthTicket->authz_speciesThis would call
My::AuthTicket::authz_species()for anyRequire species kilingontype directives. Again, if you are just requringuserorvalid-useryou do not need to do this. Apache supplies an authz provider that handles those for you.See the
README.apache-2.4.podin the Apache2::AuthCookie distribution for details on how to write an authz provider method.