Apache + SSL working, but strange authentication problem

[mog]

I have setup and configured my apache2 web server to work with with mod_ssl and serve all pages by default via HTTPS. I then deployed groups and user/password files for the various realms on the server. At a first glance authentication seems to work as expected (i.e. only users in the configured groups are given access), however, I get the following strange behaviour.

If a realm contains some pages that themselves require the user to authenticate with username and password (eGroupWare and phpMyAdmin in my case) then I can do log into the webapp in the realm if the username/password combination is the same as for the authenticated realm. Any other combination will be rejected.

I am kind of puzzled with this. Any suggestions what might be wrong?
_________________
To thine own self be true.

[gerdesj]

PMA has three methods of auth and if you use http then it will work exactly as you describe. EG I don't know so well

To avoid this you need to use one or the other but not both forms of authentication at the same time. ie disable the Apache auth for the phpmyadmin and egroupware parts of the web space. So, for the / you enable auth but for say /phpmyadmin or /egroupware you override it and leave them to do their own authentication as they both have their own user databases. The connection is over SSL so is secured end to end already.

Cheers
Jon

[mog]

thanks .. I fixed the problem with eGroupWare, but phpMyAdmin seems to rely on HTTP authentication for access to the database when in 'HTTP Auth' mode. Hence once a user logged into the realm of phpMyAdmin their credentials are used to authenticate to the DB. So, there is no work around other than using a different authentication mode for phpMyAdmin (e.g. passwd file).
_________________
To thine own self be true.