You are viewing a plain text version of this content. The canonical link for it is here.
Posted to apache-bugdb@apache.org by Mark Diaz <ma...@chromatic.com> on 1998/05/22 01:22:26 UTC
general/2265: double authentication on fully qualified domain name
>Number: 2265
>Category: general
>Synopsis: double authentication on fully qualified domain name
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: apache
>State: open
>Class: support
>Submitter-Id: apache
>Arrival-Date: Thu May 21 16:30:00 PDT 1998
>Last-Modified:
>Originator: mark@chromatic.com
>Organization:
apache
>Release: 1.2.5
>Environment:
websvr% uname -a
SunOS websvr 5.6 Generic sun4u sparc SUNW,Ultra-1
websvr% /opt/www/apache/httpd -v
Server version Apache/1.2.5.
websvr%
>Description:
I'm running a web server with virtual hosts using Server version Apache/1.2.5. and am having a problem with double authentication.
If for example I load http://websvr/cri/its/index.html I get authenticated, but then if I load the same page with the fully qualified domain name http://websvr.chromatic.com/cri/its/index.html I get authenticated a second time. Is there a way to prevent this?
(If I load http://websvr.chromatic.com/cri/its/index.html I get authenticated, then if I load http://websvr/cri/its/index.html the page loads fine without reauthenticating.)
My httpd.conf includes...
ServerName websvr.chromatic.com
<VirtualHost 172.16.10.14>
ServerName websvr.chromatic.com
ServerAlias websvr
DocumentRoot /opt/www/jumpgate
ErrorLog logs/websvr-error_log
TransferLog logs/websvr-access_log
</VirtualHost>
# Chromatic Restricted Doc Root
<Directory /opt/www/jumpgate/cri>
AuthName Chromatic Secure Web Server
AuthType Basic
AuthUserFile /etc/passwd.htaccess
AuthGroupFile /etc/group.htaccess
AllowOverride AuthConfig
require group engineering
</Directory>
(BTW, I have tried different browsers and have gotten the same results.)
Thanks in advance for any help,
Mark
mark@chromatic.com
>How-To-Repeat:
>Fix:
>Audit-Trail:
>Unformatted:
[In order for any reply to be added to the PR database, ]
[you need to include <ap...@Apache.Org> in the Cc line ]
[and leave the subject line UNCHANGED. This is not done]
[automatically because of the potential for mail loops. ]