diff -Naurp httpd-2.2.18/modules/aaa/mod_auth_basic.c httpd-2.2.18.oden/modules/aaa/mod_auth_basic.c --- httpd-2.2.18/modules/aaa/mod_auth_basic.c 2006-07-12 05:38:44.000000000 +0200 +++ httpd-2.2.18.oden/modules/aaa/mod_auth_basic.c 2011-05-12 07:11:18.840813199 +0200 @@ -252,6 +252,14 @@ static int authenticate_basic_user(reque return DECLINED; } + /* If no providers were configured, and the default file + * provider gave a general error (which will happen only if + * has not been configured), presume that a non-provider-based + * authn module is configured, and get out of the way. */ + if (!conf->providers && auth_result == AUTH_GENERAL_ERROR) { + return DECLINED; + } + switch (auth_result) { case AUTH_DENIED: ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, diff -Naurp httpd-2.2.18/modules/aaa/mod_authn_file.c httpd-2.2.18.oden/modules/aaa/mod_authn_file.c --- httpd-2.2.18/modules/aaa/mod_authn_file.c 2011-02-14 21:31:23.000000000 +0100 +++ httpd-2.2.18.oden/modules/aaa/mod_authn_file.c 2011-05-12 07:11:18.840813199 +0200 @@ -76,6 +76,10 @@ static authn_status check_password(reque return AUTH_GENERAL_ERROR; } + if (!conf->pwfile) { + return AUTH_GENERAL_ERROR; + } + status = ap_pcfg_openfile(&f, r->pool, conf->pwfile); if (status != APR_SUCCESS) {