Summary: | Broken(?) 401 response from Apache 1.3.27 when digest auth required | ||
---|---|---|---|
Product: | Apache httpd-1.3 | Reporter: | almighty |
Component: | Auth/Access | Assignee: | Apache HTTPD Bugs Mailing List <bugs> |
Status: | CLOSED FIXED | ||
Severity: | normal | ||
Priority: | P3 | ||
Version: | HEAD | ||
Target Milestone: | --- | ||
Hardware: | PC | ||
OS: | All |
Description
almighty
2003-02-10 18:27:19 UTC
Well, it's a bug in the code that guesses the domain parameter. It relies on having unix paths (starting with slash). You can work around it by using the AuthDigestDomain directive explicitely. (You should always use the AuthDigestDomain directive anyway) It's fixed in 2.1 and proposed for backport. Thanks for the report and thanks for using Apache! Misfortunately the AuthDigestDomain directive is not recognized by Apache 1.3.x (only version 2.0.x) I have also experimented a bit. I have now a Linux Apache 1.3.27 (compiled from source) running. Authorisation works with configurations equivalent to both described configs in my original message. However there seems to be no domain parameter at all in the 401 response here (both configurations). I don't know if one has to be there - so I can live with my result. Maybe you could take this as a feature request ;-) Bye, Andreas Leuner oh, it seems, we're talking about two different things. There are two modules in 1.3 for digest authentication, mod_digest (deprecated) and the newer mod_auth_digest. The latter recognizes the AuthDigestDomain directive and creates the described error (in Directory containers and if not set). I'd guess you have installed good ol' mod_digest under Linux, where the domain parameter will not be composed at all. argh, you're right. I remember that I explicitly took mod_auth_digest for the windows server. I must have slept when I set up Apache for Linux. I will try mod_auth_digest ASAP. Now I got it. I have recompiled my Apache including mod_digest_auth. Regarding the domain parameter the Linux version behaves wrong similar to the windows version. If I use the <Directory> directive to configure the authentication the domain parameter in the 401 response will be an _empty_ string. This confuses at least Konqueror which keeps on loading forever. If I use <Location>, that parameter will have the correct value. Using the AuthDigestDomain directive indeed makes both <Directory> and <Location> work (thanks for the correction). Thanks for your help, Andreas Leuner Well, I changed the fix by removing the domain guessing code entirely. Guessing here seems totally bogus to me. (aside from the broken guessing code anyway). The effect is then, if no AuthDigestDomain is specified, the domain attribute will be omitted (which is the same as AuthDigestDomain /). If nobody vetoes the change, it will hopefully be backported. Thanks again. Fix will be available in the next release (1.3.28). |