tags 977107 = confirmed upstream
severity 977107 normal
thanks
Ok, I managed to replicate the issue by using the default configuration
and your snippet on buster. It works only by removing the
AuthAliasOnly/AuthUsingAlias directives.
Also, I did a fast trial with the latest jessie version (several security
patch had been applied during its support time) with the same results.
Same results with testing and moving AuthAliasOnly in global, too.
<Anonymous /var/www/xxxxx>
AnonRequirePassword on
RequireValidShell off
AuthAliasOnly on <----- here the problem
AuthUsingAlias on <----- here the problem, even
by using xxxxx for UserPassword
User www-data
UserAlias xxxxx www-data
Group www-data
Umask 003
GroupOwner www-data
MaxClients 2
AccessGrantMsg "Acceso Permitido a %u - Toda su actividad esta siendo
monitoreada."
HideNoAccess on
UserPassword www-data w4/CBsf6D7jf2
</Anonymous>
--
Francesco P. Lovergine