From: Jon W. <jw...@ca...> - 2006-04-21 11:33:53
|
On Mon, 17 Apr 2006, Craig A. Haynal wrote: > A few days ago I was having a problem with 503 errors accompanied by a > message in the error log: "configuration error: couldn't check access. No > groups file?". > > I determined that the OS X Server 10.4.6 update had changed the modules list > in my Apache configuration and mod_auth was no longer being loaded; setting > mod_auth to load and restarting the server fixed my problem, so you might > want to check your error log for messages similar to the above. Indeed - I've just been investigating this in a non-CAS context. Apache on OS X Server (though not on the non-Server version) appears to use mod_auth_apple in place of mod_auth by default. mod_auth_apple seems to be a modified mod_auth which can also look users up in the system password anfd group files (or MacOS equivalent). As from 10.4.6, mod_auth_apple appears to decline to perform authorization if AuthType isn't set to 'Basic' (prior to 10.4.6 it would perform authorization for any AuthType). Apple seem to also provide an un-modified mod_auth and the best solution to this problem seems to be to enable that. The two can probably co-exist, but it would be safer to also disable mod_auth_apple unless its features are required. The "configuration error: couldn't check access. No groups file?" message is misleading - in this case it actually means that Apache couldn't find a handlers willing to perform the authorization step. Jon. -- Jon Warbrick Web/News Development, Computing Service, University of Cambridge |