httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Arne Heizmann <>
Subject [users@httpd] SSPI auth Optional?
Date Wed, 21 Nov 2007 17:51:56 GMT


I'm not sure if this is at all possible, so correct me if I'm chasing a 
ghost... I'm in the following situation:

We have a system which already has an authentication mechanism (using 
cookies). We want to change this so that it uses mod_sspi, like this:

   <Location />
     AuthName "website name goes here"
     AuthType SSPI
     SSPIAuth On
     SSPIAuthoritative On
     SSPIOfferBasic On
     SSPIBasicPreferred Off
     Require valid-user

However, we also have automated scripts accessing the same server, and 
we don't want to have to change them all, so we want the SSPI 
authentication to be _optional_.

Unfortunately it appears that if I remove the "Require valid-user" line, 
the browser doesn't send the authentication credentials at all (doesn't 
even prompt the user).

Is it at all possible to have a system where the username/password box 
pops up in the browser, but if the user presses Cancel, the website is 
still viewable (in my case a PHP script which would then output the 
Access Denied message as appropriate)?


The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:> for more info.
To unsubscribe, e-mail:
   "   from the digest:
For additional commands, e-mail:

View raw message