httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Eric Covener <cove...@gmail.com>
Subject Re: [users@httpd] Problems with ""sequencing" of FakeBasicAuth vs. Require using client certs for Authentication
Date Wed, 04 May 2016 15:57:05 GMT
On Wed, May 4, 2016 at 11:39 AM, o haya <ohaya@yahoo.com.invalid> wrote:
> Looking at the Apache logs, what we see when this fails is:
>
> mod_authz_core: AH01626: authorization result of Require valid-user : denied (no authenticated
user yet) then
> mod_authz_core: AH01626: authorization result of <RequireAny>: denied (no authenticated
user yet) then
> ssl: AH02036: Faking HTTP Basic Auth header: "Authorization: Basic xxxxxxxxxxxxx"
>
> From the logging (as above), it seems like mod_authz_core is denying the authentication
(because there is no authenticated user yet) BEFORE the Basic Auth "Faking" occurs, and thus,
BEFORE the LDAP authentication occurs.
>
> Does anyone know if this interpretation of what is happening correct?


I don't think the interpretation is entirely right.  It clearly didn't
stop processing.  authz_core checks for some kind of userless access
control methods early, like "require ip".

-- 
Eric Covener
covener@gmail.com

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message