You are viewing a plain text version of this content. The canonical link for it is here.

Posted to apache-bugdb@apache.org by Mark Diaz <ma...@chromatic.com> on 1998/05/22 01:22:26 UTC

general/2265: double authentication on fully qualified domain name

>Number:         2265
>Category:       general
>Synopsis:       double authentication on fully qualified domain name
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    apache
>State:          open
>Class:          support
>Submitter-Id:   apache
>Arrival-Date:   Thu May 21 16:30:00 PDT 1998
>Last-Modified:
>Originator:     mark@chromatic.com
>Organization:
apache
>Release:        1.2.5
>Environment:
websvr% uname -a
SunOS websvr 5.6 Generic sun4u sparc SUNW,Ultra-1
websvr% /opt/www/apache/httpd -v
Server version Apache/1.2.5.
websvr% 
>Description:
I'm running a web server with virtual hosts using Server version Apache/1.2.5. and am having a problem with double authentication.

If for example I load http://websvr/cri/its/index.html I get authenticated, but then if I load the same page with the fully qualified domain name http://websvr.chromatic.com/cri/its/index.html I get authenticated a second time. Is there a way to prevent this?

(If I load http://websvr.chromatic.com/cri/its/index.html I get authenticated, then if I load http://websvr/cri/its/index.html the page loads fine without reauthenticating.)

My httpd.conf includes...

ServerName websvr.chromatic.com
 
<VirtualHost 172.16.10.14>
 
        ServerName      websvr.chromatic.com
        ServerAlias     websvr
        DocumentRoot    /opt/www/jumpgate
        ErrorLog        logs/websvr-error_log
        TransferLog     logs/websvr-access_log
 
</VirtualHost>

# Chromatic Restricted Doc Root
<Directory /opt/www/jumpgate/cri>
 
        AuthName        Chromatic Secure Web Server
        AuthType        Basic
        AuthUserFile    /etc/passwd.htaccess
        AuthGroupFile   /etc/group.htaccess
        AllowOverride   AuthConfig
 
        require group   engineering
 
</Directory>

(BTW, I have tried different browsers and have gotten the same results.)
 
Thanks in advance for any help,
Mark
mark@chromatic.com
 
>How-To-Repeat:

>Fix:

>Audit-Trail:
>Unformatted:
[In order for any reply to be added to the PR database, ]
[you need to include <ap...@Apache.Org> in the Cc line ]
[and leave the subject line UNCHANGED.  This is not done]
[automatically because of the potential for mail loops. ]