[PHP-DEV] Authentication does not work on OpenBSD 2.6 From: Ryan Morgan (rmorgan <email protected>)
Date: 03/15/00

When using the latest PHP4 from CVS along with Apache 1.3.12, I have found
that you cannot use Basic authentication to secure any directory other than
/. If you try to secure the directory /secure using .htaccess, you
immediately get sent an auththentication failed page without ever being
asked for your username and password.

If PHP is turned off, everything works just fine.

Now, this problem only shows up on OpenBSD 2.6. I have tried FreeBSD 2.2.8
and 4.0, and things seem to work ok.

I think that it has something to do with PHP sending the wrong headers. I
think its sending a 200 status code, when a 401 should be sent.

HTTP/1.1 200 OK
Date: Wed, 15 Mar 2000 22:20:59 GMT
Server: Apache/1.3.12 (Unix) PHP/4.0b5-dev
WWW-Authenticate: Basic realm="Testing"
Connection: close
Content-Type: text/html; charset=iso-8859-1

But when PHP is turned off, I get

HTTP/1.1 401 Authorization Required
Date: Wed, 15 Mar 2000 22:20:59 GMT
Server: Apache/1.3.12 (Unix)
WWW-Authenticate: Basic realm="Testing"
Connection: close
Content-Type: text/html; charset=iso-8859-1

Which correctly pops up the username/password box.

Can someone here with access to an OpenBSD box confirm these results? Does
anyone have any ideas of how to fix this?

TIA,

-Ryan 

-- 
PHP Development Mailing List <http://www.php.net/>
To unsubscribe, e-mail: php-dev-unsubscribe <email protected>
For additional commands, e-mail: php-dev-help <email protected>
To contact the list administrators, e-mail: php-list-admin <email protected>