Return-Path: Delivered-To: apmail-httpd-bugs-archive@www.apache.org Received: (qmail 98376 invoked from network); 11 Feb 2005 20:50:43 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (209.237.227.199) by minotaur-2.apache.org with SMTP; 11 Feb 2005 20:50:43 -0000 Received: (qmail 43468 invoked by uid 500); 11 Feb 2005 20:50:42 -0000 Delivered-To: apmail-httpd-bugs-archive@httpd.apache.org Received: (qmail 43437 invoked by uid 500); 11 Feb 2005 20:50:42 -0000 Mailing-List: contact bugs-help@httpd.apache.org; run by ezmlm Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: Reply-To: "Apache HTTPD Bugs Notification List" Delivered-To: mailing list bugs@httpd.apache.org Received: (qmail 43421 invoked by uid 99); 11 Feb 2005 20:50:42 -0000 X-ASF-Spam-Status: No, hits=0.2 required=10.0 tests=NO_REAL_NAME X-Spam-Check-By: apache.org Received: from ajax-1.apache.org (HELO ajax.apache.org) (192.87.106.226) by apache.org (qpsmtpd/0.28) with ESMTP; Fri, 11 Feb 2005 12:50:41 -0800 Received: from ajax.apache.org (ajax.apache.org [127.0.0.1]) by ajax.apache.org (8.12.11/8.12.11) with ESMTP id j1BKocnE014953 for ; Fri, 11 Feb 2005 21:50:38 +0100 Received: (from nobody@localhost) by ajax.apache.org (8.12.11/8.12.11/Submit) id j1BKoctw014950; Fri, 11 Feb 2005 21:50:38 +0100 Date: Fri, 11 Feb 2005 21:50:38 +0100 Message-Id: <200502112050.j1BKoctw014950@ajax.apache.org> From: bugzilla@apache.org To: bugs@httpd.apache.org Subject: DO NOT REPLY [Bug 33527] New: - If AuthAuthoritative is off for mod_auth, a 500 is returned instead of a 401 X-Bugzilla-Reason: AssignedTo X-Virus-Checked: Checked X-Spam-Rating: minotaur-2.apache.org 1.6.2 0/1000/N DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG� RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT . ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND� INSERTED IN THE BUG DATABASE. http://issues.apache.org/bugzilla/show_bug.cgi?id=33527 Summary: If AuthAuthoritative is off for mod_auth, a 500 is returned instead of a 401 Product: Apache httpd-2.0 Version: 2.0.52 Platform: PC OS/Version: Linux Status: NEW Severity: enhancement Priority: P2 Component: Core AssignedTo: bugs@httpd.apache.org ReportedBy: dopey@moonteeth.com I'm not sure if this is intended functionality, which is why I'm filing this as an enhancement and not a bug. If it's indeed a bug, please correct me. We're noticing that if AuthAuthoritative is off, mod_auth returns DECLINED back to the core if the user ID provided is not in the password file. This results in the server's request.c handling the DECLINED and calling decl_die(). The drawback of this is that an internal server error is thrown back to the client rather than the appropriate 401. I understand the technical reasons for this (the mod_auth returning back a DECLINED so that additional modules can process) and the core really doesn't know the root reason for the DECLINE, but perhaps it should, and be able to properly throw back a HTTP_UNAUTHORIZED to the client? -- Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. --------------------------------------------------------------------- To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org For additional commands, e-mail: bugs-help@httpd.apache.org