On Tue, 20 Nov 2001, Doug MacEachern wrote: > On Tue, 20 Nov 2001, sterling wrote: > > > Hi - > > > > Set up an auth directory without AuthType but with require valid-user and > > AuthName and load an auth module that uses ap_note_basic_auth_failure... > > el kabong!! this patch stops the coro dumpo. > > this has bitten others in 1.x too. ended up adding protection in the > modperl wrapper functions. i applied a slightly different version to > prevent the same problem in ap_note_auth_failure(). and also changed > if (type && strcasecmp(ap_auth_type(r), "Basic")) > to > if (!type || ...) > cause i don't think it should set the *-Authenticate header if there is no > AuthType configured, right? or maybe ap_auth_type() should default to > Basic? >
Yeah - I pondered that for a bit... We should probably log an error (like bloom suggested) so the user is aware of the misconfiguration, and then send none of the headers (like your patch does). I don't think we should default to Basic. sterling