What steps will reproduce the problem?

I have installed the google-authenticator-apache-module following the online instructions. When I try to log in the verification process fails because the module is failing passing the user name on file.

This is the error message from apache log:

** PW AUTH at T=****** user "root" (2)No such file or directory: check_password: Could not open password file: /etc/httpd/ga_auth/(null) user root: authentication failure for "/admin/code/tce_edit_objects.php": Password Mismatch

instead of passing the user name is passing "(null)"!

I have temporarily fixed the problem by creating a file named "(null)" that works with any filename.

I'm using Scientific Linux 6.1 with Apache 2.2.15 and google-authenticator-apache-module GoogleAuthBinary_v01.bz2

Attached here a fixed mod_authn_google.c file that compiles without errors. And the compiled mod_authn_google.so I've fixed the null problem on file and also a dozen of other compiling errors.

I have update the code fixing the cookie problem (the cookies are now read).

I started using this code because of the same problem(s) you had. Glad to report that I can now auth using Google authenticator on Apache 2.2. However, I still have a problem.

No matter what I do, the auth cookies seem to timeout after a minute or so. I have the "GoogleAuthCookieLife 3600" setting, and I am seeing messages like this in the Apache log: "Created cookie expires 1325443676 (time = 3600)".

However, after a minute or so, I see this in the Apache log: "Found cookie Expires "" Valid """ and then it tries re-authing with the previous code I entered, and fails, so I'm prompted for a new code.

Any ideas?

Some additional info on my problem - I am trying to use google auth for access to phpMyAdmin. It seems, after some additional testing, that perhaps there is a problem with phpMyAdmin interfering with the auth.

If I only request simple items (like pngs), the auth stays just fine for a long time. If I click on some feature within phpMyAdmin, like Processes, then the auth dies quickly - in a minute or so.

After adding in a debug line to display the full cookies, I saw that the regex used to find the cookie was not working correctly. It seemed overly compex and, in some situations, it failed.

I changed the cookie to include a : at the end, and also re-worked the regex. All is working properly now. Code attached.

Lucky:

Are you by chance using cookies in your phpMyAdmin script? I am susspecting it has something to do with the fact that there is only a single "cookie" header, which combines strings from both this module, and ANYONE else. I believe the regexp might not be handling the latter correctly.

I was using phpMyAdmin, and there were other cookies (though I did not set them). I quickly modified the regex to work. It might not be the "proper" solution though. But the authenticator module ideally should work regardless of what other cookies are present, no?

On Thu, Mar 21, 2013 at 2:33 PM, < google-authenticator-apache-module@googlecode.com> wrote:

Yes - I completley agree. I'm just trying to figure out why it didn't. (My regexp was supposed to accomodate for them). You wouldn't by chance have a cookie string from this you could share, do you?

Here's one:

"pma_lang=en; pma_collation_connection=utf8_general_ci; pma_navi_width=200; phpMyAdmin=dsofhasouphf8975q98u; google_authn=lucky:3692581470:9fZZrZ6kMaL2dwXzrfTsqIWdi/c=:; __utma=68896193.834633149.1320516436.1357578935.1357599597.89;__utmz=68896193.1352322698.7.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmc=68896193; member_id=3; pass_hash=09812387643abcdef; ipsconnect_0989875asfdsapofjkjlnsdfau=1"

Thank you very much! I tried it in Perl and believe I found the problem - instances of the "google_authn" token at the BEGINNING of the string are returned in the first-three regexp variables, but ones in the MIDDLE of the string are returned in the subsequent three regexp variables, but I am ONLY looking at the first three. So it's just a matter of modifying the regexp to use only three, or the code to check both sets.

Would you be up for testing if/when I have something ready for release?

Thanks for you help!

Cool. Sure can.

Attached here the latest version I fixed more than one year ago and that is working for me.

Note: to display the differences between the code above and the original file I suggest to use a visual tool like Meld, so you can easily skip the formatting changes.

Lucky's issue split to separate issue (#4).

This issue was because we are passing a NULL to the function that does the authentication check, where we should be passing the username. Nicola found this and made this fix in his version.

I have made fixes for this issue, Lucky's issue, and Nicola's warning cleanups in a new version which we are now testing and will release very soon.

(Anyone who wants to test it - ping me)

Fixed in r9 (trunk)