Bug#219774: Causing Reason identified (Re: Bug#219774: Doesn't help)
> First of all none of you have been providing enough information about your
> setup. Authentication works for me using different schemes. Which
> authentication modules are not working for you? Which is your config?
First, i'm sorry for my little bit of flamage yesterday, but i was really
upset, because this was the second time my apache - which is much needed
here - broke on the same day. First the index.html problem (no upgrade, just
added a module) and after that this problem here.
I have now found out how the problem can be reproduced and forced. The
problem is the sys_auth_module. When it is loaded, the standard
configuration widely used for password protected sites will fail without any
usable error message.
I have the following auth-modules in my apache-config (didn't choosed them,
they were added by the debian package):
LoadModule auth_module /usr/lib/apache/1.3/mod_auth.so
[...]
LoadModule anon_auth_module /usr/lib/apache/1.3/mod_auth_anon.so
LoadModule dbm_auth_module /usr/lib/apache/1.3/mod_auth_dbm.so
LoadModule db_auth_module /usr/lib/apache/1.3/mod_auth_db.so
[...]
LoadModule sys_auth_module /usr/lib/apache/1.3/mod_auth_sys.so
Config from httpd.conf which worked _was_:
<Directory /var/www/>
[...]
AllowOverride AuthConfig
[...]
</Directory>
In this Directory i have a .htaccess:
AuthType Basic
AuthName "kjus Entwicklungslabor"
AuthUserFile /etc/apache/.htpasswd
require valid-user
This is just the plain normal configuration used by a lot of sites. The
configuration worked until the latest upgrade. Now it just states 'User xxx
not found' in the error.log. There are three possible fixes to this:
a.) One can remove the sys_auth_module. This should be done anyways, as
you are rightful warning about the usage. I have no idea why the
debian package added this module. I didn't asked for it, and in
my opinion it should never be added by default.
b.) One can add the Suggested Line by Edward after the AllowOverride
Statement. The AuthAuthoritative Off Setting will tell the Apache
the continue even if a previous auth module failed. As it seems,
the modules will be queried in the reverse order as they were
loaded. So in my config above sys_auth_module will be queried first,
and then db_auth_module, dbm_auth_module and anon_auth_module
(all three are not triggered by my configuration and will not fail),
and the auth_module seems to be last asked. This leads me to
solution c:
c.) The sys_auth_module could just be loaded _before_ auth_module.
So c.) might be the easiest fix, but i still stay to a.) and ask why this
module was included in standard config (was it? i wasn't asked about it, and
it was not added by me...)
Hope to be helpful to now resolve this problem.
Regards
Michael
--
Michael Holzt, DL3KJU, kju@fqdn.org, kju@debian.org, kju@IRCNet
Reply to: