Joe Orton wrote:
> On Mon, Aug 09, 2004 at 11:55:57AM -0400, Geoffrey Young wrote:
>
>>
>>Joe Orton wrote:
>>
>>>Yes, sorry I'm talking about 2.1 here of course. I debugged this as far
>>>as finding that $self->{modules} appears to be empty at the time that
>>>the ->default_module calls are made.
>>
>>yes, I see that there is no aaa stuff in your resulting conf, which I assume
>>is because you don't have any aaa LoadModule statements in your main
>>httpd.conf. this should be fine under normal circumstances. the only thing
>>I can think of that might trip this up is if you have those modules compiled
>>statically, but I'm not entirely sure.
>
>
> Yes, indeed.
>
> $ ./bin/httpd -l | grep mod_auth
> mod_authn_file.c
> mod_authn_default.c
> mod_authz_host.c
> mod_authz_groupfile.c
> mod_authz_user.c
> mod_authz_default.c
> mod_auth_basic.c
ok, that's an important point. if these used to work with an identical
(static) httpd then something definitely broke recently. personally, I've
never tried with a heavy-static httpd so I don't know how it used to behave.
>>and post the resulting output - the call to need_access should be sufficient
>>to keep that test from running at all if it can't find an appropriate aaa
>>module.
>
>
> All tests which expect access do pass, all those expecting access denial
> fail, i.e. failing exactly as if no access control is applied.
ok, I think I see it.
anyway, check t/conf/extra.conf for <IfModule "mod_access.c"> - the
mod_access there is expanded from @ACCESS_MODULE" which is supposed to find
the right one (mod_access or mod_authz_host). since it wasn't found, the
default mod_access was used and thus the .htaccess files would not be picked up.
funny that the call to need_access isn't stopping the tests, though - that
seems like a bug as well.
anyway, at this point we can probably wait for stas to show up, since I
wasn't following his changes of late.
--Geoff
