On Tue, Feb 14, 2006 at 11:11:22AM -0700, Brad Nicholes wrote: > >>> On 2/14/2006 at 3:50 am, in message > <[EMAIL PROTECTED]>, > [EMAIL PROTECTED] wrote: > > On Mon, Feb 13, 2006 at 03:42:27PM -0700, Brad Nicholes wrote: > >> > >> The other problem that I see in the configuration is that the > <Location > >> /authany> defines an authtype and authname but no authentication > >> provider. This means that the authentication provider will default > to > >> 'file'. But since there hasn't been a password file specified > either, > >> the result is an AUTH_GENERAL_ERROR. This scenario would occur > with > >> either 2.2 or trunk. > > > > mod_authany is supposed to key off the AuthName configured for the > > location - if it's equal to "authname" then it kicks in and does the > > > dummy authz hack. No argument that this is a weird hack, but this > > worked in 2.2 and earlier, is there any way it can do something > similar > > without requiring a config file change? > > > > joe > > This is where I am a little confused. The AUTH_GENERAL_ERROR is coming > from the authn side not authz and nothing has really changed in authn > between 2.2 and 2.3. So I don't understand how it worked in 2.2. > Looking at the code again, I think you are still going to need the > authany_handler() to handle the authentication. If mod_auth_basic tries > to handle the authentication, then it will attempt to default to 'file' > and fail as I mentioned before. In fact, everything that was working > before should continue to work correctly. There is nothing to prevent a > module from grabbing the same check_user_id and auth_checker hooks and > handling them.
Sorry, everything I wrote above is wrong, not sure what I was smoking that day... mod_authany with 2.2 and earlier was checking for the configuration "Require user any-user" and then allowing authz if *any* basic auth credentials had been sent in the request. With the trunk code, since the check_user_id hook can no longer get to the requirements array (ap_requires() has gone), it can't do this any more. This is the problem I was trying to work around and failing... joe
