[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#219774: silently ignores AuthUserFile, "AuthAuthoritative off" missing in the default config

Package: apache
Version: 1.3.29-1
Severity: important

The subject says all: the Debian apache does NOT allow user
authentication as described in the HUNDREDS of docs available in the
net. It just fails and tells "user ... not found" in the error log.
Strace shows that it simply ignores the choosed AuthUserFile. There are
no hints about the possible cause for such behaviour, neither in the
example httpd.conf, nor in README.Debian or in the upstream tutorials
like http://httpd.apache.org/docs/howto/auth.html . Only random googling
helps to find other victims of such stupid defaults.

MfG,
Eduard.

-- System Information:
Debian Release: testing/unstable
Architecture: i386
Kernel: Linux debian 2.4.23-pre2 #1 Mi Sep 3 16:09:39 CEST 2003 i686
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8

Versions of packages apache depends on:
ii  apache-common                1.3.29-1    Support files for all Apache webse
ii  debconf                      1.3.20      Debian configuration management sy
ii  dpkg                         1.10.18     Package maintenance system for Deb
hi  libc6                        2.3.2.ds1-9 GNU C Library: Shared libraries an
ii  libdb4.1                     4.1.25-10   Berkeley v4.1 Database Libraries [
ii  libexpat1                    1.95.6-6    XML parsing C library - runtime li
ii  libmagic1                    4.06-1      File type determination library us
ii  logrotate                    3.6.5-2     Log rotation utility
ii  mime-support                 3.23-1      MIME files 'mime.types' & 'mailcap
ii  perl [perl5]                 5.8.1-4     Larry Wall's Practical Extraction 

-- debconf information:
* apache/enable-suexec: false
* apache/server-name: localhost
* apache/document-root: /var/www
* apache/server-port: 80
* apache/init: false
* apache/server-admin: edi@gmx.de
Reply to: