Return-Path: 
 <apache-bugdb-return-521-apmail-apache-bugdb-archive=apache.org@apache.org>
Delivered-To: apmail-apache-bugdb-archive@apache.org
Received: (qmail 76576 invoked by uid 500); 7 Apr 2000 14:40:05 -0000
Mailing-List: contact apache-bugdb-help@apache.org; run by ezmlm
Precedence: bulk
X-No-Archive: yes
Reply-To: apache-bugdb@apache.org
list-help: <mailto:apache-bugdb-help@apache.org>
list-unsubscribe: <mailto:apache-bugdb-unsubscribe@apache.org>
list-post: <mailto:apache-bugdb@apache.org>
Delivered-To: mailing list apache-bugdb@apache.org
Received: (qmail 76517 invoked by uid 501); 7 Apr 2000 14:40:01 -0000
Resent-Date: 7 Apr 2000 14:40:01 -0000
Resent-Message-ID: <20000407144001.76516.qmail@locus.apache.org>
Resent-From: submit@bugz.apache.org (GNATS Filer)
Resent-To: apache-bugdb@apache.org
Resent-Cc: apache-bugdb@apache.org
Resent-Reply-To: submit@bugz.apache.org, houserj@vtls.com
Received: (qmail 73487 invoked by uid 65534); 7 Apr 2000 14:32:11 -0000
Message-Id: <20000407143211.73486.qmail@locus.apache.org>
Date: 7 Apr 2000 14:32:11 -0000
From: John Houser <houserj@vtls.com>
Reply-To: houserj@vtls.com
To: submit@bugz.apache.org
X-Send-Pr-Version: 3.110
Subject: mod_auth-any/5969: Password authentication fails with mod_auth.


>Number:         5969
>Category:       mod_auth-any
>Synopsis:       Password authentication fails with mod_auth.
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    apache
>State:          open
>Class:          sw-bug
>Submitter-Id:   apache
>Arrival-Date:   Fri Apr 07 07:40:01 PDT 2000
>Closed-Date:
>Last-Modified:
>Originator:     houserj@vtls.com
>Release:        1.3.6
>Organization:
apache
>Environment:
HP-UX zeus B.11.00 B 9000/887 1925771271 16-user license
>Description:
I've set up a restricted directory for some CGI scripts.  My intent is to allow GET queries without a password.  POST queries should require one.  The directory setup is as follows:

<Directory "/users/clas34/restricted/">
   AllowOverride Any
   Options ExecCGI
   Order allow,deny
   Allow from all
</Directory>

The .htaccess file in the restricted directory is as follows:
AuthType Basic
AuthUserFile /usr/local/apache/conf/.htpasswd
AuthName "Class 34 Restricted"
<Limit POST>
Require Valid-user
</Limit>

The .htpasswd file exists and contains an entry:
class34:VsiUV2LUTsCUQ

When I try a GET that works fine.  When I try a POST the password entered is never accepted.

By the way, I expect to change the 'Allow from all' in the Directory to 'Deny from all' when everything is working, but right now I need to provide access.
>How-To-Repeat:
The server is behind a firewall.
>Fix:
None.
>Release-Note:
>Audit-Trail:
>Unformatted:
 [In order for any reply to be added to the PR database, you need]
 [to include <apbugs@Apache.Org> in the Cc line and make sure the]
 [subject line starts with the report component and number, with ]
 [or without any 'Re:' prefixes (such as "general/1098:" or      ]
 ["Re: general/1098:").  If the subject doesn't match this       ]
 [pattern, your message will be misfiled and ignored.  The       ]
 ["apbugs" address is not added to the Cc line of messages from  ]
 [the database automatically because of the potential for mail   ]
 [loops.  If you do not include this Cc, your reply may be ig-   ]
 [nored unless you are responding to an explicit request from a  ]
 [developer.  Reply only with text; DO NOT SEND ATTACHMENTS!     ]