For various reasons, our department has implemented a system whereby we combine RADIUS authorization (for user login) with the built-in Apache Basic authorization model (for management of individual user directory privileges via use of an .htaccess file).

We're currently seeing some weirdness with this setup, specifically:

Problem #1: If someone logs in and then tries to access a resource for which they do not have permission, the server is throwing out an "Internal Server Error" (Error code 500) to the browser instead of the proper "Unauthorized" (Error code 401).

Problem #2: There are times where the .htaccess files are being read, but ignored. E.g., a user has an .htaccess file in his directory which is being read, but the "require groups bar" directive is being ignored and he gets access to the directory anyway.

My questions are:

Does anyone have any experience using both systems together?

If so, do you have any configuration tips you'd be willing to share?

Can anyone theorize why the wrong error is being generated when a user doesn't have access to a resource? What is generating this error (I'm guessing Apache) and where would I go to try to fix this bug?

Please feel free to email me off-list with any hints. I'll also be watching here.

Many thanks!

CT
--
Charles Thomas
DoIT Network Services Programmer
University of Wisconsin - Madison
1210 W. Dayton St. Rm. B111
Madison, WI 53706
(608) 262-1649 Office
(608) 262-7561 Fax
[EMAIL PROTECTED]
