>Number: 2265 >Category: general >Synopsis: double authentication on fully qualified domain name >Confidential: no >Severity: non-critical >Priority: medium >Responsible: apache >State: open >Class: support >Submitter-Id: apache >Arrival-Date: Thu May 21 16:30:00 PDT 1998 >Last-Modified: >Originator: [EMAIL PROTECTED] >Organization: apache >Release: 1.2.5 >Environment: websvr% uname -a SunOS websvr 5.6 Generic sun4u sparc SUNW,Ultra-1 websvr% /opt/www/apache/httpd -v Server version Apache/1.2.5. websvr% >Description: I'm running a web server with virtual hosts using Server version Apache/1.2.5. and am having a problem with double authentication.
If for example I load http://websvr/cri/its/index.html I get authenticated, but then if I load the same page with the fully qualified domain name http://websvr.chromatic.com/cri/its/index.html I get authenticated a second time. Is there a way to prevent this? (If I load http://websvr.chromatic.com/cri/its/index.html I get authenticated, then if I load http://websvr/cri/its/index.html the page loads fine without reauthenticating.) My httpd.conf includes... ServerName websvr.chromatic.com <VirtualHost 172.16.10.14> ServerName websvr.chromatic.com ServerAlias websvr DocumentRoot /opt/www/jumpgate ErrorLog logs/websvr-error_log TransferLog logs/websvr-access_log </VirtualHost> # Chromatic Restricted Doc Root <Directory /opt/www/jumpgate/cri> AuthName Chromatic Secure Web Server AuthType Basic AuthUserFile /etc/passwd.htaccess AuthGroupFile /etc/group.htaccess AllowOverride AuthConfig require group engineering </Directory> (BTW, I have tried different browsers and have gotten the same results.) Thanks in advance for any help, Mark [EMAIL PROTECTED] >How-To-Repeat: >Fix: >Audit-Trail: >Unformatted: [In order for any reply to be added to the PR database, ] [you need to include <[EMAIL PROTECTED]> in the Cc line ] [and leave the subject line UNCHANGED. This is not done] [automatically because of the potential for mail loops. ]
