[users@httpd] basic auth, apache, and denies

[mo...@frakir.org]

Question:

apache 1.3.x.  apache basic auth (over SSL) involving many users and
groups.  Alice's group gets access to /x and /y, but Bob's group only
gets access to /x.  When Bob tries to access /x, Bob gets a
username/password prompt.  Bob types in his username and password, and
all is good.  But if Bob tries to go to /y, he gets a username and
password prompt again and again.  This is presumably because apache
knows Bob isn't supposed to have access to /y, so it sends a 401
error, and the browser prompts for another username and password in
the hope that Bob has another login that will work.  Of course, this
confuses Bob to no end.

So what I would like is for Bob's access attempts to /y to result in a
403 instead of a 401.  In more concrete terms, if the browser presents
username/password credentials to a resource, and those credentials are
valid credentials but are not allowed access to this particular
resource, the access should result in a 403, or similar, instead of a
401.

Is this possible?  A google search didn't turn up anything useful.
Probably not imaginitive enough in search terms; someone else has to
have had this problem before.

Thanks!

- Morty

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org