You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@commons.apache.org by Jens Kallup <ka...@web.de> on 2020/12/29 17:19:37 UTC

2 times user password dialogs - only one would be enough for me

Hello List Members,

I used Apache 2.4 for this post.
I have problems with the auth modules:

I have a vhost, that work well (but 2 dialog's).
in path / apache2.4 present me a AuthType Form
data with input fields (usernam + pass), and a
submit button.
All clear.
But when I run the apache server with the directives
shpwn bellow, I get 2 dialogs, but I need only one.

When I try to protect the path /index/
I get error.log:

AH00354: Child: Starting 64 worker threads.
AH00027: No authentication done but request not allowed without
authentication for /index/index.php. Authentication not configured?

This message occur's, when I use the following section in vhost:

<Directory "${APACHE_SRC}/html/443/index/">
   Require valid-user
</Directory

<VirtualHost *:443>
...
     DocumentRoot "${APACHE_SRC}/html/443"

     ErrorLog   "${APACHE_LOG}/error.log"
     CustomLog  "${APACHE_LOG}/access.log" combined

     <Location "${APACHE_SRC}/html/443/dologin.php">
         Options -Indexes +FollowSymLinks
         AuthFormProvider file
         AuthName "Restricted Resource"
         AuthType form
         AuthFormLoginRequiredLocation "/index.php"
         AuthFormLoginSuccessLocation  "/start.php"
         AuthUserFile  "${APACHE_SRC}/pass/ApacheAuthUser.passwd"
         AuthGroupFile "${APACHE_SRC}/pass/ApacheAuthUser.groups"
         ErrorDocument 401 /tools/web/error/404.html
         Session On
         SessionCookieName session path=/
     </Location>
     <Directory "${APACHE_SRC}/html/443/index/">
         Options -Indexes +FollowSymLinks
         AuthType basic
         AuthBasicProvider file
         AuthUserFile  "${APACHE_SRC}/pass/ApacheAuthUser.passwd"
         AuthGroupFile "${APACHE_SRC}/pass/ApacheAuthUser.groups"
         AuthName secure
         <RequireAll>
             Require valid-user
         </RequireAll>
     </Directory>
</VirtualHost>

The information's for this directives came from:
https://httpd.apache.org/docs/2.4/mod/mod_auth_form.html

And, when I add:

SetHandler form-login-handler

to

<Location "${APACHE_SRC}/html/443/dologin.php">

the user, and pass input takes no effect, so all is not
protected.

Thanks In Advice

Jens

Re: 2 times user password dialogs - only one would be enough for me

Posted by Bindul Bhowmik <bi...@gmail.com>.

Hello Jens,

I believe you are trying to report an issue with Apache HTTPD server,
in which case this is the wrong list. You might want to try the HTTPD
users list or another list in that project. See
https://httpd.apache.org/lists.html#http-users

Bindul

On Tue, Dec 29, 2020 at 10:19 AM Jens Kallup <ka...@web.de> wrote:
>
> Hello List Members,
>
> I used Apache 2.4 for this post.
> I have problems with the auth modules:
>
> I have a vhost, that work well (but 2 dialog's).
> in path / apache2.4 present me a AuthType Form
> data with input fields (usernam + pass), and a
> submit button.
> All clear.
> But when I run the apache server with the directives
> shpwn bellow, I get 2 dialogs, but I need only one.
>
> When I try to protect the path /index/
> I get error.log:
>
> AH00354: Child: Starting 64 worker threads.
> AH00027: No authentication done but request not allowed without
> authentication for /index/index.php. Authentication not configured?
>
> This message occur's, when I use the following section in vhost:
>
> <Directory "${APACHE_SRC}/html/443/index/">
>    Require valid-user
> </Directory
>
> <VirtualHost *:443>
> ...
>      DocumentRoot "${APACHE_SRC}/html/443"
>
>      ErrorLog   "${APACHE_LOG}/error.log"
>      CustomLog  "${APACHE_LOG}/access.log" combined
>
>      <Location "${APACHE_SRC}/html/443/dologin.php">
>          Options -Indexes +FollowSymLinks
>          AuthFormProvider file
>          AuthName "Restricted Resource"
>          AuthType form
>          AuthFormLoginRequiredLocation "/index.php"
>          AuthFormLoginSuccessLocation  "/start.php"
>          AuthUserFile  "${APACHE_SRC}/pass/ApacheAuthUser.passwd"
>          AuthGroupFile "${APACHE_SRC}/pass/ApacheAuthUser.groups"
>          ErrorDocument 401 /tools/web/error/404.html
>          Session On
>          SessionCookieName session path=/
>      </Location>
>      <Directory "${APACHE_SRC}/html/443/index/">
>          Options -Indexes +FollowSymLinks
>          AuthType basic
>          AuthBasicProvider file
>          AuthUserFile  "${APACHE_SRC}/pass/ApacheAuthUser.passwd"
>          AuthGroupFile "${APACHE_SRC}/pass/ApacheAuthUser.groups"
>          AuthName secure
>          <RequireAll>
>              Require valid-user
>          </RequireAll>
>      </Directory>
> </VirtualHost>
>
> The information's for this directives came from:
> https://httpd.apache.org/docs/2.4/mod/mod_auth_form.html
>
> And, when I add:
>
> SetHandler form-login-handler
>
> to
>
> <Location "${APACHE_SRC}/html/443/dologin.php">
>
> the user, and pass input takes no effect, so all is not
> protected.
>
> Thanks In Advice
>
> Jens
>