A number of people (probably coming from NCSA servers) are getting
tripped up trying to do authorization based on domain exclusion
The NCSA docs and examples suggest that
AuthUserFile
AuthGroupFile
AuthName
AuthType
need to be defined, even though (AFAIK) none of them make the slightest
bit of difference to authorisation based on domain exclusion.
e.g. NCSA examples suggest,
AuthUserFile /dev/null
AuthGroupFile /dev/null
Apache barfs when it sees some/all Auth* lines, and insists on
prompting for a user/password, even though they aren't required.
Here are 3 solutions (others might exist),
1) document Apache authorization / access control
2) "fix" Apache
3) both of the above
rob
--
http://nqcd.lanl.gov/~hartill/
tripped up trying to do authorization based on domain exclusion
The NCSA docs and examples suggest that
AuthUserFile
AuthGroupFile
AuthName
AuthType
need to be defined, even though (AFAIK) none of them make the slightest
bit of difference to authorisation based on domain exclusion.
e.g. NCSA examples suggest,
AuthUserFile /dev/null
AuthGroupFile /dev/null
Apache barfs when it sees some/all Auth* lines, and insists on
prompting for a user/password, even though they aren't required.
Here are 3 solutions (others might exist),
1) document Apache authorization / access control
2) "fix" Apache
3) both of the above
rob
--
http://nqcd.lanl.gov/~hartill/