Re: mod_auth-any/1809: Suggestion for improving authentication modules and core source code, problem with 401 and ErrorDocument

[br...@hyperreal.org]

[In order for any reply to be added to the PR database, ]
[you need to include <ap...@Apache.Org> in the Cc line ]
[and leave the subject line UNCHANGED.  This is not done]
[automatically because of the potential for mail loops. ]


Synopsis: Suggestion for improving authentication modules and core source code, problem with 401 and ErrorDocument

State-Changed-From-To: open-suspended
State-Changed-By: brian
State-Changed-When: Tue May 19 18:14:09 PDT 1998
State-Changed-Why:
In light testing with the current 1.3 betas, it looks like
the WWW-Authenticate header *IS* being sent when the 
ErrorDocument 401 is a CGI script, even if the CGI itself 
doesn't send it.  All of our energies are
currently focusing on getting 1.3 out the door out of beta,
so I would consider this bug "fixed".  Your patch, though,
is really about adding new env variables to the 401 errordoc
environment, which isn't a bad idea, but being in a feature
freeze right now it's tough for us to consider adding it.  
We do know that auth will have to be revamped for 2.0 (which
is where we'll be focusing after 1.3 is done), so it may be
best for us to focus on making that environment rich then.

For the time being, it would be great if you could rev your
patch against 1.3.0 (when it comes out), making sure to update
the api calls (e.g. table_set -> ap_table_set) and registering
it at modules.apache.org.

Thanks!  And please let us know if 1.3 doesn't fix this 
problem - you can get the latest CVS version from
http://dev.apache.org/from-cvs/, or the latest beta from
http://www.apache.org/dist/.

    Brian