The following reply was made to PR mod_auth-any/1809; it has been noted by GNATS.
From: Dean Gaudet <[EMAIL PROTECTED]> To: [EMAIL PROTECTED] Cc: Subject: Re: mod_auth-any/1809: Suggestion for improving authentication modules and core source code, problem with 401 and ErrorDocument (fwd) Date: Fri, 20 Feb 1998 00:57:43 -0800 (PST) ---------- Forwarded message ---------- From: John Mechalas <[EMAIL PROTECTED]> Subject: Re: mod_auth-any/1809: Suggestion for improving authentication modules and core source code, problem with 401 and ErrorDocument To: [EMAIL PROTECTED] Date: Tue, 17 Feb 1998 10:35:34 -0800 (PST) Cc: [EMAIL PROTECTED], [EMAIL PROTECTED] > > Synopsis: Suggestion for improving authentication modules and core source > code, problem with 401 and ErrorDocument Real quick...in my note I mis-spokle (although all the modifications and problems are still valid). When you use a 401 ErrorDocument handler, I stated that Apache sends a blank "WWW-Authenticate:" header. This was incorrect...Apache doesn't send _any_ "WWW-Authenticate:" header. It is up to the CGI script to generate it correctly. The original problem still stands, though...you can't generate the WWW-Authenticate header in the CGI script since you don't have any information regarding the authentication method that triggered the 401 error. Cheers, John -- John Mechalas \ carpe cavy! Intel MD6 Engineering Computing \ JF1-22, 1st floor, pole H16 \ (seize the guinea pig!) (503) 264-0658 \
