> > -> If we have for example a (Group,..)File but opening it fails
> > then we ignore any 'require group' and DECLINE to other modules.
>
> I don't find those surprising at all; they're what I would expect.
Hmm - but that means that if someone edits the group files, saves it as
root with the wrong umask or removes it by accident - then something like:
    require group admins
suddenly gets ignored. This is especially galling if the edit was to
remove someone :-).
> > ERROR if file read error (was DECLINE/UNAUTH)
>
> No, UNAUTH if authoritative, DECLINE otherwise. The client should NOT be
> told there is a config error. Log the problem.
UNAUTH suggests that the page may be available if the user fixes something.
Which is not the case. So we cannot give that.
But if we DECLINE - and someone then gives an UNAUTH then the client is
free to a) retry with another password -or- purge the buffered password
from its state for that realm. That can give things like a flurry of
dialog boxes when for example a stylesheet/javascript is still fetching
images. Would it not be safer in general to give a 500? Or something that
signals a fault - and please do not retry this unless something has
changed on -my- end; not the client end.
> UNAUTH. DON'T tell the user there's anything except a Boolean auth failure.
Not sure - I see:
    -> not enough auth credentials
    unauth -> i.e. try again with proper credentials or give up
    OK -> you have the credentials - here is the page
    ERROR -> sorry - your credentials may be right - but a
             problem on my side prevents me from giving it to
             you right now. (Or perhaps use Not Available).
Dw
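
The two behaviours debated in this thread, side by side, as an added example that is not part of the original message and not Apache's own code. The status constants, function names and the `group: user user` file layout are assumptions made for this sketch.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical status codes for this sketch (not Apache's own constants). */
enum { AUTH_OK = 0, AUTH_DECLINED = -1, AUTH_UNAUTH = 401, AUTH_ERROR = 500 };

/* 1 if user is listed under group, 0 if not, -1 if the file cannot be opened. */
static int user_in_group(const char *path, const char *group, const char *user)
{
    FILE *f = fopen(path, "r");
    char line[512], *tok;
    size_t glen = strlen(group);
    int found = 0;
    if (!f) return -1;
    while (!found && fgets(line, sizeof line, f)) {
        if (strncmp(line, group, glen) != 0 || line[glen] != ':') continue;
        for (tok = strtok(line + glen + 1, " \t\r\n"); tok && !found;
             tok = strtok(NULL, " \t\r\n"))
            found = (strcmp(tok, user) == 0);
    }
    fclose(f);
    return found;
}

/* Fail-open: an unreadable group file makes 'require group' silently vanish. */
int check_group_fail_open(const char *path, const char *group, const char *user)
{
    int r = user_in_group(path, group, user);
    if (r < 0) return AUTH_DECLINED;      /* hands the decision to other modules */
    return r ? AUTH_OK : AUTH_UNAUTH;
}

/* Fail-closed: an unreadable group file is a server-side fault, logged, never OK. */
int check_group_fail_closed(const char *path, const char *group, const char *user)
{
    int r = user_in_group(path, group, user);
    if (r < 0) {
        fprintf(stderr, "cannot open group file %s\n", path);
        return AUTH_ERROR;                /* client learns only that the server failed */
    }
    return r ? AUTH_OK : AUTH_UNAUTH;
}

/* Writes a constructed sample group file; returns 0 on success. */
int write_sample(const char *path)
{
    FILE *f = fopen(path, "w");
    if (!f) return -1;
    fputs("admins: alice bob\nusers: carol\n", f);
    return fclose(f);
}
```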