On Sunday 05 August 2012, Graham Leggett wrote:
> > You mean you can't get "Require expr" to work. All other
> > providers should work ok. Or do you have an example that does
> > not involve "Require expr"?
>
> Most specifically, as per my original mail, I can't get the
> following to work:
>
> <RequireAll>
> Require valid-user
> Require expr %{note:mod_userdir_user} == %{REMOTE_USER}
> </RequireAll>
>
> Can you clarify what is special about the expr specifically that
> triggers forbidden instead of unauthorized?
>
> Perhaps this is a bug inside the expr code.

The API is currently such that an authz provider must return
AUTHZ_DENIED_NO_USER instead of AUTHZ_DENIED if its result may change
after authentication. Require expr in 2.4.2 does not do that. But it
will be fixed in 2.4.3 with
http://svn.apache.org/viewvc?view=revision&revision=1364266
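
The contract described in the reply above, as an added, self-contained C model (not code from this message or from httpd). The enum is a local stand-in that reuses the status names, and `request_model`, both check functions and `preauth_http_status` are hypothetical names; the mapping to 401/403 is a simplification assumed from the symptom discussed in the thread.

```c
#include <stddef.h>
#include <string.h>

/* Local stand-ins for this sketch; not taken from httpd's headers. */
typedef enum { AUTHZ_DENIED, AUTHZ_GRANTED, AUTHZ_DENIED_NO_USER } authz_status;

/* Hypothetical reduced request: only the two values the expression compares. */
typedef struct {
    const char *user;         /* NULL until authentication has run */
    const char *userdir_user; /* stands in for %{note:mod_userdir_user} */
} request_model;

/* Provider that ignores the contract: with no user yet, REMOTE_USER is
 * treated as empty and the mismatch is reported as a plain denial. */
authz_status expr_check_plain_denial(const request_model *r)
{
    const char *u = r->user ? r->user : "";
    return strcmp(u, r->userdir_user) == 0 ? AUTHZ_GRANTED : AUTHZ_DENIED;
}

/* Provider that follows the contract: its result depends on the user, so
 * with no user it reports that the answer may change after authentication. */
authz_status expr_check_contract(const request_model *r)
{
    if (r->user == NULL)
        return AUTHZ_DENIED_NO_USER;
    return strcmp(r->user, r->userdir_user) == 0 ? AUTHZ_GRANTED : AUTHZ_DENIED;
}

/* Simplified model (assumption) of what an unauthenticated client sees
 * after the first authorization pass. */
int preauth_http_status(authz_status s)
{
    switch (s) {
    case AUTHZ_GRANTED:        return 200;
    case AUTHZ_DENIED_NO_USER: return 401; /* authentication runs, client is challenged */
    default:                   return 403; /* treated as final, no challenge sent */
    }
}
```
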