by the way, i submitted a patch to fix those crazy 'no user file?'
messages a while ago( message appended to this one).
I think the core should return HTTP_UNAUTHORIZED when all auth modules
return DECLINED (instead of calling decl_die). This way you can give all
auth modules a chance at authenticating without caring the order they are
loaded.
While you're in there, another quirk is that mod_auth handles the
'Require valid-user' case. This seems like it is an apache standard and
should be in the core (so you don't have to have mod_auth enabled simply
to return OK on a Require valid-user).
--sterling
On Sun, 19 Aug 2001, Rodent of Unusual Size wrote:
> Currently, mod_auth (and friends) return DECLINED when asked
> to authenticate a user and there is no AuthUserFile declared.
> This means that the server checks with all the other
> authentication handlers, and is likely to eventually die
> with a 500 status and the cryptic 'no user file?' message
> in the log file.
>
> The lack of an AuthUserFile directive really *is* a configuration
> error, but I would like to propose modifying this behaviour
> slightly. If mod_auth is authoritative and there is no
> userfile, I propose logging the missing file in the error log
> and returning HTTP_UNAUTHORIZED. This will hopefully save
> a wee bit of confusion, and also potentially some cycles
> from the core consulting other, non-authoritative, modules
> to end up with the same result.
>
------------------------------------------------------------------
Hi all -
When no auth handlers are willing to handle a request, you get an
internal error (which is correct) and a log message which says 'No User
File?' or 'No Group File?'. This can be very misleading (especially if
you don't have mod_auth enabled :). I suggest a more accurate message is
printed - (e.g. the patch below) Feel free to change the wording :)
sterling
Index: modules/http/http_request.c
===================================================================
RCS file: /home/cvspublic/httpd-2.0/modules/http/http_request.c,v
retrieving revision 1.105
diff -u -r1.105 http_request.c
--- modules/http/http_request.c 2001/08/06 19:13:02 1.105
+++ modules/http/http_request.c 2001/08/06 19:45:17
@@ -316,14 +316,14 @@
if (ap_some_auth_required(r)) {
if (((access_status = ap_run_check_user_id(r)) != 0) || !ap_auth_type(r))
{
decl_die(access_status, ap_auth_type(r)
- ? "check user. No user file?"
- : "perform authentication. AuthType not set!", r);
+ ? "check user. No authentication handler."
+ : "perform authentication. AuthType not set!", r);
return;
}
if (((access_status = ap_run_auth_checker(r)) != 0) || !ap_auth_type(r)) {
decl_die(access_status, ap_auth_type(r)
- ? "check access. No groups file?"
- : "perform authentication. AuthType not set!", r);
+ ? "check auth. No authorization handler."
+ : "perform authentication. AuthType not set!", r);
return;
}
}
@@ -338,14 +338,14 @@
}
if (((access_status = ap_run_check_user_id(r)) != 0) || !ap_auth_type(r))
{
decl_die(access_status, ap_auth_type(r)
- ? "check user. No user file?"
- : "perform authentication. AuthType not set!", r);
+ ? "check user. No authentication handler."
+ : "perform authentication. AuthType not set!", r);
return;
}
if (((access_status = ap_run_auth_checker(r)) != 0) || !ap_auth_type(r)) {
decl_die(access_status, ap_auth_type(r)
- ? "check access. No groups file?"
- : "perform authentication. AuthType not set!", r);
+ ? "check auth. No authorization handler."
+ : "perform authentication. AuthType not set!", r);
return;
}
}
