On 5/10/07, TJB <tjb00000@xxxxxxxxx> wrote:
> 1) Every request for a missing file results in a request for reauthentication. To solve this, I've added rewrite rules which check for file existence. If a requested file doesn't exist, it rewrites the request to an informative php script. This works well.
You could also try using the ErrorDocument 404 directive to point to someplace non-authenticated. But this does appear to be a misfeature in the mod_authz_unixgroup module. It obviously doesn't know how to determine the correct authorization info if the file doesn't exist (since it can't use the file's group info). It should have some fallback.
> 2) A request for an existing file to which the authenticated user is not authorized results in the desired request for reauthentication and access denial. However, when the user then returns to a file to which s/he is authorized, s/he is again forced to reauth. It's as if the user's login is forgotten after every step out-of-bounds. Is this the expected behavior for "Require file-group"? If so, can anyone recommend a friendlier work-around?
This does seem like an inherent problem of file-group. The problem is that you have areas with different authorization requirements, but they are all under the same "realm" (AuthName). The browser uses the realm to determine when it should cache and resend credentials. When you hit an unauthorized file, the browser will receive the 401 response and flush the credentials for that realm. I don't see any easy way around that.

Joshua.
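
Added example, not part of the original thread and not either poster's actual configuration: a sketch in Apache 2.2-era syntax of the two approaches discussed for missing files, a pre-authentication existence check via rewrite rules and an ErrorDocument 404 target that sits outside the authenticated area. The host name, paths, realm, password file and the script name `notfound.php` are placeholders, and the authentication setup is assumed.

```apache
# Added example; all names and paths below are placeholders.
<VirtualHost *:80>
    ServerName files.example.org
    DocumentRoot /var/www/site

    # Rewrite rules in server context run before authentication and
    # authorization, so a missing file never reaches "Require file-group".
    # In this context REQUEST_FILENAME is not yet a filesystem path,
    # so the path is built from DOCUMENT_ROOT explicitly.
    RewriteEngine On
    RewriteCond %{REQUEST_URI} !^/errors/
    RewriteCond %{DOCUMENT_ROOT}%{REQUEST_URI} !-f
    RewriteCond %{DOCUMENT_ROOT}%{REQUEST_URI} !-d
    RewriteRule ^ /errors/notfound.php [PT,L]

    # Protected tree: one realm for every file, access decided per file
    # by the file's Unix group (assumed setup: htpasswd users plus
    # mod_authz_owner and mod_authz_unixgroup).
    <Directory /var/www/site/files>
        AuthType Basic
        AuthName "Project Files"
        AuthBasicProvider file
        AuthUserFile /etc/apache2/htpasswd
        AuthzUnixgroup on
        Require file-group
    </Directory>

    # Error pages live outside the protected tree and need no credentials.
    <Directory /var/www/site/errors>
        Order allow,deny
        Allow from all
        Satisfy Any
    </Directory>

    # Fallback for any 404 that is still generated after the rewrite check.
    ErrorDocument 404 /errors/notfound.php
</VirtualHost>
```

With this layout a missing path is answered without credentials while an existing protected path answers 401, so an unauthenticated client can tell which paths exist. The realm behaviour described for question 2 is unchanged, because every protected file still shares one AuthName.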