Currently, mod_auth (and friends) return DECLINED when asked
to authenticate a user and there is no AuthUserFile declared.
This means that the server checks with all the other
authentication handlers, and is likely to eventually die
with a 500 status and the cryptic 'no user file?' message
in the log file.
The lack of an AuthUserFile directive really *is* a configuration
error, but I would like to propose modifying this behaviour
slightly. If mod_auth is authoritative and there is no
userfile, I propose logging the missing file in the error log
and returning HTTP_UNAUTHORIZED. This will hopefully save
a wee bit of confusion, and also potentially some cycles
from the core consulting other, non-authoritative, modules
to end up with the same result.
--
#ken P-)}
Ken Coar, Sanagendamgagwedweinini http://Golux.Com/coar/
Author, developer, opinionist http://Apache-Server.Com/
"All right everyone! Step away from the glowing hamburger!"
