www-apache-bugdb mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From John Houser <hous...@vtls.com>
Subject mod_auth-any/5969: Password authentication fails with mod_auth.
Date Fri, 07 Apr 2000 14:32:11 GMT

>Number:         5969
>Category:       mod_auth-any
>Synopsis:       Password authentication fails with mod_auth.
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    apache
>State:          open
>Class:          sw-bug
>Submitter-Id:   apache
>Arrival-Date:   Fri Apr 07 07:40:01 PDT 2000
>Closed-Date:
>Last-Modified:
>Originator:     houserj@vtls.com
>Release:        1.3.6
>Organization:
apache
>Environment:
HP-UX zeus B.11.00 B 9000/887 1925771271 16-user license
>Description:
I've set up a restricted directory for some CGI scripts.  My intent is to allow GET queries
without a password.  POST queries should require one.  The directory setup is as follows:

<Directory "/users/clas34/restricted/">
   AllowOverride Any
   Options ExecCGI
   Order allow,deny
   Allow from all
</Directory>

The .htaccess file in the restricted directory is as follows:
AuthType Basic
AuthUserFile /usr/local/apache/conf/.htpasswd
AuthName "Class 34 Restricted"
<Limit POST>
Require Valid-user
</Limit>

The .htpasswd file exists and contains an entry:
class34:VsiUV2LUTsCUQ

When I try a GET that works fine.  When I try a POST the password entered is never accepted.

By the way, I expect to change the 'Allow from all' in the Directory to 'Deny from all' when
everything is working, but right now I need to provide access.
>How-To-Repeat:
The server is behind a firewall.
>Fix:
None.
>Release-Note:
>Audit-Trail:
>Unformatted:
 [In order for any reply to be added to the PR database, you need]
 [to include <apbugs@Apache.Org> in the Cc line and make sure the]
 [subject line starts with the report component and number, with ]
 [or without any 'Re:' prefixes (such as "general/1098:" or      ]
 ["Re: general/1098:").  If the subject doesn't match this       ]
 [pattern, your message will be misfiled and ignored.  The       ]
 ["apbugs" address is not added to the Cc line of messages from  ]
 [the database automatically because of the potential for mail   ]
 [loops.  If you do not include this Cc, your reply may be ig-   ]
 [nored unless you are responding to an explicit request from a  ]
 [developer.  Reply only with text; DO NOT SEND ATTACHMENTS!     ]
 
 


Mime
View raw message