search

AnthonyDeroche / mod_authnz_jwt

An authentication module for Apache httpd using JSON Web Tokens
Other
79 stars 47 forks source link

AuthJWTLeeway causes crash #4

Closed mogol closed 7 years ago

mogol commented 7 years ago

Hey, thanks for mod!

If in this config remove AuthJWTLeeway 10, auth fails with crash: [Mon Dec 12 22:22:29.898372 2016] [core:notice] [pid 19793] AH00052: child pid 20078 exit signal Segmentation fault (11)

<VirtualHost *:80>
    ServerName testjwt.local
    DocumentRoot /var/www/testjwt/

    AuthJWTExpDelay 1800
    AuthJWTIss testjwt.local
    AuthJWTAud tests
    AuthJWTLeeway 10

    LogLevel auth_jwt:debug
    RewriteEngine On

    Alias "/hmac_secured" "/var/www/testjwt"
    Alias "/rsa_secured" "/var/www/testjwt"
    Alias "/ec_secured" "/var/www/testjwt"

    <Directory /var/www/testjwt/>
        AllowOverride None
        Options -Indexes
        Require all granted
    </Directory>

    <Location "/hmac_secured">
        AuthJWTSignatureSharedSecret secret
        AllowOverride None
        Options -Indexes
        AuthType jwt
        AuthName "private area"
        Require valid-user
    </Location>

    <Location "/jwt_login">
    AuthJWTSignatureAlgorithm HS256
    AuthJWTSignatureSharedSecret secret
        SetHandler jwt-login-handler
        AuthJWTProvider file
        AuthUserFile /var/www/jwt.htpasswd
    </Location>

    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
AnthonyDeroche commented 7 years ago

Hey,

Thanks for the feedback. I reproduced successfully the crash. I'll fix this in a new release very soon.