>>> On 4/27/2007 at 11:30 AM, in message <[EMAIL PROTECTED]>, Patrick Welche <[EMAIL PROTECTED]> wrote: > Basically, bug or configuration error? > > Using httpd trunk 529626, of Apr 19 2007, I tried a FAQ configuration > with the new authentication framework: > > <Directory "/usr/local/share/httpd/htdocs/learn"> > AuthType basic > AuthName "raven test" > AuthBasicProvider file > AuthUserFile /usr/local/etc/pass.txt > <SatisfyOne> > Require host quartz.itdept.newn.cam.ac.uk > Require ip 192.168.200.180 > Require valid-user > </SatisfyOne> > </Directory> > > quartz% hostname > quartz.itdept.newn.cam.ac.uk > quartz% lynx http://test.itdept.newn.cam.ac.uk/learn > Alert!: Access without authorization denied -- retrying > > > Username for 'raven test' at server 'test.itdept.newn.cam.ac.uk': > > > I expected not to be prompted to login by the above configuration. > (also tried AuthBasicAuthoritative Off, and have read the fine manual..) > > Cheers, > > Patrick
This is probably a bug. The problem is that as soon as you specify an Auth provider, the code is going to go through the check_user_id hook. The first thing that auth_basic will do in the hook is try to get the user and password. If it can't, it immediately returns HTTP_UNAUTHORIZED which causes the browser challenge. You can still use mod_access_compat and define access control rules which is probably what you really want rather than authorization rules, which is what you have defined here. However there is still a problem in ap_process_request_internal() in request.c. In the current code, there is no precedence defined between access control and authentication. All hooks will be called on all requests. We can either set the precedence at the time when the hooks are called (which will prevent some hooks from being called) or let the auth hooks themselves determine the precedence. It's beginning to look like Order, Allow, Deny, Satisfy can't be deprecated after all. However I still think that there is a usefulness for the same type of authorization rules defined by "require". Brad
