On 05 Aug 2012, at 10:39 PM, Stefan Fritsch wrote: >>> This works as designed. Authentication will only be triggered if the >>> end result depends on a valid user being present. The reason is to >>> avoid a password dialogue if the access will be denied anyway. >> >> This breaks basic authentication though, because basic auth relies on that >> initial 401 Unauthorized to tell the client that a password is required. In >> this case, access would have been approved, not denied, but the client never >> got the opportunity to try log in as it was forbidden from the outset. >> >> Right now, I cannot get aaa to work in either a browser or in the webdav >> client for MacOSX with two require lines. In both cases, the user is >> forbidden immediately with no opportunity to log in. > > You mean you can't get "Require expr" to work. All other providers should > work ok. Or do you have an example that does not involve "Require expr"?
Most specifically, as per my original mail, I can't get the following to work: <RequireAll> Require valid-user Require expr %{note:mod_userdir_user} == %{REMOTE_USER} </RequireAll> Can you clarify what is special about the expr specifically that triggers forbidden instead of unauthorized? Perhaps this is a bug inside the expr code. Regards, Graham --
smime.p7s
Description: S/MIME cryptographic signature