Another authorization requested for already logged in user by certain operations

[flad@…]

Using 0.11dev r5883 and mod_ldap authentication via apache we get the following strange behaviour for an authenticated user:

1. log in
2. go to "New Ticket" and enter a ticket, or edit an existing ticket
3. click on "Submit"
4. the authenticate window pops up again, even though the user appears as "logged in"
5. after this second authentication, it is not necessary to authenticate again in this situation

alternatively we also see this behaviour when viewing your "Preferences", changing e.g. your email and clicking on "save" there …and possibly in other situations.

This does *not* happen when the user is in the TRAC_ADMIN group

Of course this is a quite annoying behaviour, any suggestions welcome

[anonymous]

What location path are you securing with mod_ldap?

[anonymous]

sorry problem exists also as TRAC_ADMIN. we'll attach our trac.conf apache2 config-file

[anonymous]

It almost certainly has to do with your use of LocationMatch. Have you tried just adding your Auth statements to the /projects location?

[Emmanuel Blot]

This really looks like a configuration issue rather than an issue w/ Trac: the authentication window is popped up by Apache, not by Trac.

Please copy the relevant section of your trac.ini file, especially the base_url parameter.

[flad@…]

this is no trac-bug, but stems from authentication behaviour between http server and client.

if there is a mismatch between the requested url and the base_url in your trac.ini (e.g. base_url contains the fqdn and your request is just to ​http://hostname/) you will need two authentication as your browser stores two different authentication-cookies.

to prevent this you can use an apache rewrite rule such as (in <VirtualHost>)

RewriteEngine On RewriteCond %{SERVER_NAME} ^{hostname$ RewriteRule} (.*)$ ​http://fqdn$1 [R]

[Emmanuel Blot]

(invalid status)