Received: (qmail 537 invoked from network); 3 Nov 1999 18:01:46 -0000
Message-Id: <19991103130608.6247.rocketmail@web1602.mail.yahoo.com>
Date: Wed, 3 Nov 1999 05:06:08 -0800 (PST)
From: vsolve apache <vsolve_apache@yahoo.com>
To: apbugs@hyperreal.org
Cc: apbugs@apache.org, new-httpd@apache.org
Subject: Clarification on contradiction between the Apache Core Features document and its original behavior

>Number:         5242
>Category:       pending
>Synopsis:       Clarification on contradiction between the Apache Core Features document and its original behavior
>Confidential:   yes
>Severity:       serious
>Priority:       medium
>Responsible:    gnats-admin
>State:          closed
>Class:          sw-bug
>Submitter-Id:   unknown
>Arrival-Date:   Wed Nov  3 10:10:00 PST 1999
>Last-Modified:  Wed Nov  3 10:11:56 PST 1999
>Originator:     
>Organization:
>Release:        
>Environment:
>Description:
>How-To-Repeat:
>Fix:
>Audit-Trail:
State-Changed-From-To: open-closed
State-Changed-By: marc
State-Changed-When: Wed Nov  3 10:11:55 PST 1999
State-Changed-Why:
Misfiled PR.  You _need_ to submit bug reports via the
web form.  There is no way the bug tracking system can
magically figure out what you mean if you send random
emails to it.
>Unformatted:
Category:       config
Class:          sw-bug
Release:        1.3.9
Environment:    Redhat Linux 6.0

Description:

The content of Apache Core Features document for
Satisfy directive as

"Access policy if both allow and require used. The
parameter can be either 'all' or 'any'. This directive
is only useful if access to a particular area is being
restricted by both username/password and client host
address. In this case the default behavior ("all") is
to require that the client passes the address access
restriction and enters a valid username and password.
With the "any" option the client will be granted
access if they either pass the host restriction or
enter a valid username and password. This can be used
to password restrict an area, but to let clients from
particular addresses in without prompting for a
password."

case 1:
But when we try this with 'Satisfy all' options, it
works fine without the 'require' line in httpd.conf
file.

case 2:
'Satisfy any' option also works fine if we have
'AuthType' line (without 'require' line) in httpd.conf
file.

It creates the contradiction between the Apache Core
Features document and its original behavior.

Clarify the above.

How-to-repeat:
Case 1:
Add 

    satisfy all

to your conf file in <Directory "apache/htdocs">
Context and restart

Case 2:
Add 

    satisfy any
    AuthType Basic

to your conf file in <Directory "apache/htdocs">
Context and restart

Fix:

We can fix the bug in apache to behave as per document
after getting the reply.

regards,
vsolve_apache.




=====

__________________________________________________
Do You Yahoo!?
Bid and sell for free at http://auctions.yahoo.com