The following reply was made to PR mod_auth-any/3124; it has been noted by GNATS.
From: [EMAIL PROTECTED] (Jon Wikne) To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Subject: Re: mod_auth-any/3124: AuthName does not work anymore - appears as "unknown". Date: Mon, 5 Oct 1998 12:06:08 +0200 (MET DST) > You have an ErrorDocument 401 directive, correct? Yes. > Does removing that stop this problem? Yes! Strange, I always believed that the importance of the 401 document started _after_ an error had occurred, not before.... > If so, what is the > ErrorDocument directive pointing to? It points to a CGI-script whose purpose is to count the number of unsuccessful attempts to access the URLs requiring authorization. > For some reason, there are two authentication headers being > sent, one empty. Yes, it appears the 401 script sent one of them. I don't remember the reason for that. It has been this way for many years, starting in the "old" days running NCSA httpd. ;-) Maybe it was required (or I believed it was required) at some stage. Until now it has not caused problems. Curious as I am, I tried to track down what the difference between 1.3b3 and 1.3.2 were in handling this situation. It appears that while 1.3b3 puts the empty authentication header _after_ the correct one, 1.3.2 puts it _before_, thus causing problems.... This is illustrated in the dialogues included below with two different computers, one running 1.3b3, the other 1.3.2. Thanks for your time. Cheers, -- Jon ---------------------------------------------------------------------- [EMAIL PROTECTED] 6 % telnet lynx 80 Trying 129.240.84.95... Connected to lynx.uio.no. Escape character is '^]'. GET /lynx/nancy/pw/csg/ HTTP/1.0 HTTP/1.1 401 Authorization Required Date: Mon, 05 Oct 1998 09:19:25 GMT Server: Apache/1.3b3 WWW-Authenticate: Basic realm="wild" WWW-Authenticate: Connection: close Content-Type: text/html <HTML><HEAD><TITLE>401 - Authorization Required</TITLE></HEAD><BODY><H1>401 - Authorization Required</H1>Browser not authentication-capable or authentication failed.<IMG SRC="/cgi-bin/Count.cgi?ft=0|frgb=69;139;50|tr=1|trgb=0;0;0|wxh=14;20|pad=0|dd=R|st= 5000|sh=0|df=no_girls.dat"></BODY></HTML> Connection closed by foreign host. [EMAIL PROTECTED] 9 % telnet cheetah 80 Trying 129.240.84.96... Connected to cheetah.uio.no. Escape character is '^]'. GET /lynx/nancy/pw/csg/ HTTP/1.0 HTTP/1.1 401 Authorization Required Date: Mon, 05 Oct 1998 09:21:59 GMT Server: Apache/1.3.2 (Unix) WWW-Authenticate: WWW-Authenticate: Basic realm="wild" Connection: close Content-Type: text/html <HTML><HEAD><TITLE>401 - Authorization Required</TITLE></HEAD><BODY><H1>401 - Authorization Required</H1>Browser not authentication-capable or authentication failed.<IMG SRC="/cgi-bin/Count.cgi?ft=0|frgb=69;139;50|tr=1|trgb=0;0;0|wxh=14;20|pad=0|dd=R|st= 5000|sh=0|df=no_girls.dat"></BODY></HTML> Connection closed by foreign host.
