Bug#219774: silently ignores AuthUserFile, "AuthAuthoritative off" missing in the default config
Package: apache
Version: 1.3.29-1
Severity: important
The subject says all: the Debian apache does NOT allow user
authentication as described in the HUNDREDS of docs available in the
net. It just fails and tells "user ... not found" in the error log.
Strace shows that it simply ignores the choosed AuthUserFile. There are
no hints about the possible cause for such behaviour, neither in the
example httpd.conf, nor in README.Debian or in the upstream tutorials
like http://httpd.apache.org/docs/howto/auth.html . Only random googling
helps to find other victims of such stupid defaults.
MfG,
Eduard.
-- System Information:
Debian Release: testing/unstable
Architecture: i386
Kernel: Linux debian 2.4.23-pre2 #1 Mi Sep 3 16:09:39 CEST 2003 i686
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8
Versions of packages apache depends on:
ii apache-common 1.3.29-1 Support files for all Apache webse
ii debconf 1.3.20 Debian configuration management sy
ii dpkg 1.10.18 Package maintenance system for Deb
hi libc6 2.3.2.ds1-9 GNU C Library: Shared libraries an
ii libdb4.1 4.1.25-10 Berkeley v4.1 Database Libraries [
ii libexpat1 1.95.6-6 XML parsing C library - runtime li
ii libmagic1 4.06-1 File type determination library us
ii logrotate 3.6.5-2 Log rotation utility
ii mime-support 3.23-1 MIME files 'mime.types' & 'mailcap
ii perl [perl5] 5.8.1-4 Larry Wall's Practical Extraction
-- debconf information:
* apache/enable-suexec: false
* apache/server-name: localhost
* apache/document-root: /var/www
* apache/server-port: 80
* apache/init: false
* apache/server-admin: edi@gmx.de
Reply to: