Re: custom error messages/authentication problem

[Brian Behlendorf <br...@wired.com>]

(brought to the list because I forgot to cc: it to begin with)

On Thu, 30 Mar 1995, Rob Hartill wrote:
> > If I set in the srm.conf
> > 
> > ErrorDocument 401 /401.html
> > 
> > apache will output the contents of that file, but it won't send the right 
> > HTTP headers to the client telling them they need to authenticate.  So 
> > instead of a prompt for a name/password, the user just sees that page 
> > (when normally they only see that page if they give up on registering).
> 
> Hmm, the trick (at the moment) appears to be that you need to
> redirect to a script which produces...
> 
> print "Status: 401 Auth req\r
> Content-type: text/html\r
> WWW-Authenticate: whatever\r\n\r\n
> 
> I don't use authentication so I'm not setup to try it out. Let me
> know if that fixes it. If not, it might be possible to fiddle a bit
> to get it working.

Err, I think the general problem is that if the error message also sends 
any extra headers (like 401, I don't know of any others) then those 
headers should be sent even if an HTML file is indicated as the 
response.  The mechanisms should already be there for this - if the 
ErrorDocument directive is just a text string then the 401 response is 
correct and the user is prompted for a name/password.  

it should be noted that arena never shows the extra text that goes along 
with the 401 response (when done correctly).  Interesting.

	Brian

--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--
brian@hotwired.com  brian@hyperreal.com  http://www.hotwired.com/Staff/brian/