Hello PHP-folks, Apache-folks and mod_ssl-folks,

I've a little mysterious phenomenon and I hope anyone can help me :)

First of all, my configuration:
        apache_1.3.19
        mod_ssl-2.8.1-1.3.19
        auth_ldap-1.5.3
and     php-4.0.4pl1
... very nice at all.

On my server I've a test-directory /tests/ with php-info.html, that works
fine (php4 up'n'running). It's only ssl-secured and doesn't use any kind
of auth-features!

Secondly I've configured /server-info on the same host with SSL (of course ;)
and with ldap_auth authentication, that works also fine.

If I access php-info.html with netscape newly started there is no
'problem'. The access_log looks like

123.123.123.123 - - [29/Mar/2001:12:38:46 +0200] "GET
 /tests/php-info.html?=PHPE9568F35-D428-11d2-A769-00AA001ACF42 HTTP/1.0"
 200 4440 "https://tirnanog.tuts.nu/tests/php-info.html" "Mozilla/4.76
 [en] (X11; U; Linux 2.2.17 i686)" 

Fine, isn't it? (php appends session information?... maybe bad, but okay)

Now I access /server-info and type in my uid and password,
the apache/auth_ldap works fine, I get the page:

123.123.123.123 - - [29/Mar/2001:12:43:08 +0200] "GET /server-info
 HTTP/1.0" 401 471 "-" "Mozilla/4.76 [en] (X11; U; Linux 2.2.17 i686)"
123.123.123.123 - mwei [29/Mar/2001:12:43:16 +0200] "GET /server-info
 HTTP/1.0" 200 46109 "-" "Mozilla/4.76 [en] (X11; U; Linux 2.2.17 i686)"

Fine.

Now I access /tests/php-info.html once again:
(Remember - there is no password-check at all!)

123.123.123.123 - mwei [29/Mar/2001:12:44:26 +0200] "GET
 /tests/php-info.html HTTP/1.0" 200 72068 "-" "Mozilla/4.76 [en] (X11; U;
 Linux 2.2.17 i686)"

Huh? First of all 'mwei' (my ldap authenticated user-id) is being logged?!
But the real bad thing: PHP_AUTH_USER and the unencrypted PHP_AUTH_PASSWORD
(because auth_ldap works with AuthType=Basic) is set! Not very nice at
all, I think.

What's happening? How can I prevent this stupid password-passing thru php4?

IMHO there is no need to pass auth information to php4 (okay, the
PHP_AUTH_USER is needed; but password not!) because I want only auth_ldap
checked auth-areas on my w3-server and this works very well.

Thnx a lot 4 help or hints,

        -- Micha

P.S. Pls. make a Cc: on my email account too. Thnx.

-- 
42rd Law of Computing: Anything that can go wro
pine: Segmentation violation: Core dumped ^J&6§4^+^)NO CARRIER
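
The pattern in the log excerpts above (a path served with 200 and no user, later logged with an authenticated user) can be searched for across a whole access_log. This is an added example, not part of the original post; the sample lines are the post's excerpts with the e-mail line wraps removed, and the names `LOG_RE`, `SAMPLE_LOG` and `find_credential_leaks` are hypothetical.

```python
import re
from collections import defaultdict

# Apache common/combined log prefix: host ident user [time] "request" status size
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) \S+'
)

# Constructed sample: the post's access_log excerpts, unwrapped to one entry per line.
UA = '"Mozilla/4.76 [en] (X11; U; Linux 2.2.17 i686)"'
SAMPLE_LOG = "\n".join([
    '123.123.123.123 - - [29/Mar/2001:12:38:46 +0200] "GET '
    '/tests/php-info.html?=PHPE9568F35-D428-11d2-A769-00AA001ACF42 HTTP/1.0" '
    '200 4440 "https://tirnanog.tuts.nu/tests/php-info.html" ' + UA,
    '123.123.123.123 - - [29/Mar/2001:12:43:08 +0200] "GET /server-info '
    'HTTP/1.0" 401 471 "-" ' + UA,
    '123.123.123.123 - mwei [29/Mar/2001:12:43:16 +0200] "GET /server-info '
    'HTTP/1.0" 200 46109 "-" ' + UA,
    '123.123.123.123 - mwei [29/Mar/2001:12:44:26 +0200] "GET '
    '/tests/php-info.html HTTP/1.0" 200 72068 "-" ' + UA,
])


def find_credential_leaks(log_text):
    """Return {path: [users]} for paths that were served successfully with no
    logged user (so they need no login) yet also appear with a logged user,
    meaning Basic credentials reached a location that does not require them."""
    anonymous_ok = set()            # paths answered 2xx with user "-"
    users_seen = defaultdict(set)   # path -> users logged for it
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue                # not an access-log entry
        path = m.group("target").split("?", 1)[0]  # ignore the query string
        user = m.group("user")
        if user == "-":
            if m.group("status").startswith("2"):
                anonymous_ok.add(path)
        else:
            users_seen[path].add(user)
    return {p: sorted(users_seen[p]) for p in anonymous_ok if p in users_seen}


if __name__ == "__main__":
    for path, users in find_credential_leaks(SAMPLE_LOG).items():
        print(f"{path}: unprotected, but requested with credentials of {users}")
```

/server-info is not reported because its only request without a user was answered with 401.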


--
PHP Install Mailing List (http://www.php.net/)