DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT <http://nagoya.apache.org/bugzilla/show_bug.cgi?id=16937>. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE.
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=16937 Broken(?) 401 response from Apache 1.3.27 when digest auth required Summary: Broken(?) 401 response from Apache 1.3.27 when digest auth required Product: Apache httpd-1.3 Version: 1.3.27 Platform: PC OS/Version: Windows NT/2K Status: NEW Severity: Normal Priority: Other Component: Auth/Access AssignedTo: [email protected] ReportedBy: [EMAIL PROTECTED] Hi all, I have just tried out md5 digest authentication and ran into a problem. Using Mozilla or Internet Explorer I was successful to log into the site, however using Opera (6.0.x or 7.0) or Konqueror I was not. Konqui just said login had failed, Opera claimed it had denied to send username and password since the domain of the auth requirement didn't match the URL I had requested for (This was not the exact message but really comes quite close). Following there is the section from httpd.conf regarding the (to be) password protected area: Alias /intern d:/stuff/htdocs <Directory "d:/stuff/htdocs/milestone2/jBOSSstuff/en"> AuthType Digest AuthName "testingDgst" AuthDigestFile d:/Programme/Apache-1.3.27/conf/digest.pwd Require user onlyme </Directory> This is the URL to be requested: /intern/milestone2/jBOSSstuff/en/index.html As you can see - this is a Windows machine (NT in my case). From Konqueror's debug output I could read the following (mind the domain): ... "HTTP/1.1 401 Authorization Required" "Date: Mon, 10 Feb 2003 16:47:24 GMT" "Server: Apache/1.3.27 (Win32) PHP/4.0.5" "WWW-Authenticate: Digest realm="testingDgst", nonce="...", algorithm=MD5, domain="d:/stuff/htdocs/milestone2/jBOSSstuff/en", qop="auth"" ... As you can see, Apache exposes the file system path of the protected directory. Of course it doesn't match the URL one requests when clicking on a link, so I understand why Opera complains. Besides I do not really want filesystem paths to be visible outside. If I use the following configuration in httpd.conf everything works fine: Alias /intern d:/stuff/htdocs <Location "/intern/milestone2/jBOSSstuff/en"> AuthType Digest AuthName "testingDgst" AuthDigestFile d:/Programme/Apache-1.3.27/conf/digest.pwd Require user onlyme </Location> Konqueror will then have the following in its debug output: HTTP/1.1 401 Authorization Required" "Date: Mon, 10 Feb 2003 16:47:24 GMT" "Server: Apache/1.3.27 (Win32) PHP/4.0.5" "WWW-Authenticate: Digest realm="testingDgst", nonce="...", algorithm=MD5, domain="/intern/milestone2/jBOSSstuff/en", qop="auth"" I hope someone could get the digest authentication to work together with the Directory directive. Thanks in advance, Andreas Leuner --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
