Mailing List Archive

On Mon, 21 Aug 1995, Rob Hartill wrote:
> > BTW: I put a comment around
> > log_reason ("no authentication line", ...
> > cause the error_log grows too much on a server, which has lots
> > of protected documents. And this error occures every time a user
> > follows a link to a protected document for the first time (per
> > session).
> >
> > ---------------------------------------------------------------------
> > Merten Schumann mesc@informatik.tu-chemnitz.de
>
> It's standard practice for browsers not to send an Auth line
> first time, so I think this is not an "error", so should be
> removed for the error_log.

It's functionally equivalent to the fact that a 401 was recorded in the
access_log, but if it gave more information to the admin (i.e., "password
mismatch" or "no such user") that would be very helpful in debugging. I
say make it a runtime option. Actually, a general "debugging level"
option would be very cool.

Brian

--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--
brian@organic.com brian@hyperreal.com http://www.[hyperreal,organic].com/

> > > log_reason ("no authentication line", ...

> It's functionally equivalent to the fact that a 401 was recorded in the
> access_log, but if it gave more information to the admin (i.e., "password
> mismatch" or "no such user") that would be very helpful in debugging.

I think that info does get logged.. (from mod_auth.c)

sprintf(errstr,"user %s not found",c->user);
log_reason (errstr, r->uri, r);


sprintf(errstr,"user %s: password mismatch",c->user);
log_reason (errstr, r->uri, r);


the "no authentication line" error log message is just superfluous.


rob