httpd-users mailing list archives

From "Boyle Owen" <>
Subject RE: [users@httpd] Basci Authentication
Date Tue, 29 Apr 2003 07:58:28 GMT
Plain text please...

Your weird scenario occurs because you are nesting authentication
realms. This is not supported in HTTP and the results are browser
dependent. When you make a request that leads to
/usr/download/software/myfile, the server can only respond with one 401
response - how is the browser supposed to know which directory it refers
to? Normally, there is only one "Authorization" header in an HTTP
request - how is the server supposed to know which directory to apply it

I guess it "works" if you use the user admin because he is authorised
for both realms and so gets in but really what is going on behind the
scenes is anyone's guess.

Owen Boyle
Disclaimer: Any disclaimer attached to this message may be ignored. 

-----Original Message-----
From: Lee Peik Feng []
Sent: Tuesday, 29 April 2003 09:36
Subject: [users@httpd] Basci Authentication

***forgot to put a subject 

    I have set up apache1.3.27 on RedHat Linux 7.3 with the following
configuration in httpd.conf to enable basic authentication.

    However, I encounter a weird scenario where if I use guest to access the browser will prompt me for
password for unlimited time until I press esc or cancel then only I
could see the page. I could enter the password once and press esc/cancel
and I'll be able to access the page. If I use admin to access the same
url, I only need to type password once.  Why is this happening? Is there
something wrong with my configuration?

DirectoryIndex index.html index.htm
DocumentRoot /usr/download

<Directory /usr/download>
AuthType Basic
AuthName "Authentication Required"
AuthUserFile /opt/apache/passwd/passwords
Require user admin
</Directory>

<Directory /usr/download/software>
AuthType Basic
AuthName "Authentication Required"
AuthUserFile /opt/apache/passwd/passwords
Require user admin guest
</Directory>


The official User-To-User support forum of the Apache HTTP Server Project.
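
A check for the configuration pattern discussed in this thread, as an added example that is not part of either message or of the Apache project: it parses <Directory> sections and flags a parent and child directory that share one AuthName realm but list different users in "Require user". The sample config is constructed from the quoted message; the function names and the simplification that the deepest matching section's Require applies are assumptions of this sketch.

```python
import re
from posixpath import normpath

# Constructed sample: the two sections from the quoted message.
SAMPLE_CONF = """\
<Directory /usr/download>
AuthType Basic
AuthName "Authentication Required"
AuthUserFile /opt/apache/passwd/passwords
Require user admin
</Directory>
<Directory /usr/download/software>
AuthType Basic
AuthName "Authentication Required"
AuthUserFile /opt/apache/passwd/passwords
Require user admin guest
</Directory>
"""

SECTION = re.compile(r'<Directory\s+"?([^">]+)"?\s*>(.*?)</Directory>', re.S | re.I)

def _within(path, base):
    """True if path is base itself or lies below it (whole path components only)."""
    return path == base or path.startswith(base.rstrip("/") + "/")

def parse_sections(conf):
    """Return [(directory, realm, allowed_users)] for sections using 'Require user'."""
    out = []
    for path, body in SECTION.findall(conf):
        realm = re.search(r'^\s*AuthName\s+"?([^"\n]+)"?', body, re.M | re.I)
        users = re.search(r"^\s*Require\s+user\s+(.+)$", body, re.M | re.I)
        if realm and users:
            out.append((normpath(path.strip()), realm.group(1).strip(), set(users.group(1).split())))
    return out

def nested_realm_conflicts(sections):
    """Flag parent/child directories with the same realm name but different user lists."""
    # The browser sees one realm name on one server, so it cannot tell the two apart.
    return [(parent, child, p_realm, sorted(p_users ^ c_users))
            for parent, p_realm, p_users in sections
            for child, c_realm, c_users in sections
            if child != parent and _within(child, parent)
            and p_realm == c_realm and p_users != c_users]

def allowed_users(sections, request_path):
    """Users allowed for a path, taking the deepest matching section (assumption)."""
    matches = [s for s in sections if _within(request_path, s[0])]
    return max(matches, key=lambda s: len(s[0]))[2] if matches else None
```

Run against a real httpd.conf, each finding names the two directories, the shared realm, and the users who are accepted in one directory but refused in the other.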