Ken: back to your original problem. Maybe you should disbale the default index list by comment out "Options Indexes" in your httpd.conf, so as to isolate the problem: if it is authz related or not at all.
Peter > > > > A note: since cookie is involved, why not to implement > > all the access/authentication/authurization functions at > > the access control phase using cookie ? > > I've got them split out to match the phase in which they'd be invoked. > That, and the fact that the access handler will be invoked everywhere, but > the authorization handler may be different based on the application being > protected. > > Back to the original problem: it all boils down to the Authz handler. When > it's activated via 'require', directory indexes are not generated. Remove > the require, and *poof*, you get directory indexes. > > > > > > > Peter > > > I've got an interesting problem, related to my development of some > > > Authen/Authz handlers. > > > > > > I have a directory on which I've installed an Access, Authen, and Authz > > > handler: > > > > > > - the Access handler makes sure a cookie exists, and redirects the user > to a > > > login page if it doens't. If the cookie does exist, populate > > > $r->connection->user. This works. > > > > > > - Authen handler currently returns OK - it will be used to validate the > user > > > as stored in the cookie > > > > > > If I 'require valid-user' in the directory, my authz handler doesn't get > > > invoked, which I expect. However, If I request the directory (ie. > /test/) I > > > get a directory listing instead of index.html. If I take out the > require, > > > thereby bypassing authen/authz, I get index.html. If I also put in > custom > > > 'requires', my authz handler is invoked, and the same thing happens. > > > > > > So, it seems that when OK is returned from an authz handler, the > > > DirectoryIndex is not being read. > > > > > > I've been unsucessful in trying to find a solution. > > > > > > Ideas? > > > > > > -klm. > > > > > > BTW, I understand that what I'm doing does appear to be similar to > > > Apache::AuthCookie, but I have a few different requirements that I need > to > > > incorporate.... > > > > > > > > > > > > > >
