On Tuesday 20 November 2001 09:31 pm, sterling wrote: > On Tue, 20 Nov 2001, Doug MacEachern wrote: > > On Tue, 20 Nov 2001, sterling wrote: > > > Hi - > > > > > > Set up an auth directory without AuthType but with require valid-user > > > and AuthName and load an auth module that uses > > > ap_note_basic_auth_failure... el kabong!! this patch stops the coro > > > dumpo. > > > > this has bitten others in 1.x too. ended up adding protection in the > > modperl wrapper functions. i applied a slightly different version to > > prevent the same problem in ap_note_auth_failure(). and also changed > > if (type && strcasecmp(ap_auth_type(r), "Basic")) > > to > > if (!type || ...) > > cause i don't think it should set the *-Authenticate header if there is > > no AuthType configured, right? or maybe ap_auth_type() should default to > > Basic? > > Yeah - > > I pondered that for a bit... We should probably log an error (like bloom > suggested) so the user is aware of the misconfiguration, and then send > none of the headers (like your patch does). > > I don't think we should default to Basic.
I was actually thinking of not starting. The configuration is invalid, so we should exit with an error IMO. Ryan ______________________________________________________________ Ryan Bloom [EMAIL PROTECTED] Covalent Technologies [EMAIL PROTECTED] --------------------------------------------------------------
