Richard, I think I mis-read your description, and totally missed that you had configured mod_authnz_external properly. I probably shouldn't triage bugs at 4:30am.
I suspect that the order matters because some of the other modules you are loading override mod_authnz_external's authoritative status after it is configured. Possibly mod_authz_default is the culprit... as it defaults to authoritative:
I wonder, if you put mod_authz_default last, does it have the same enabling effect?
Re-opening as New, leaving set to mod_authnz_external for now, though it may be that mod_authz_default needs to always load last, which would be a bug in apache2.
Richard, I think I mis-read your description, and totally missed that you had configured mod_authnz_external properly. I probably shouldn't triage bugs at 4:30am.
I suspect that the order matters because some of the other modules you are loading override mod_authnz_ external' s authoritative status after it is configured. Possibly mod_authz_default is the culprit... as it defaults to authoritative:
http:// httpd.apache. org/docs/ current/ mod/mod_ authz_default. html
I wonder, if you put mod_authz_default last, does it have the same enabling effect?
Re-opening as New, leaving set to mod_authnz_external for now, though it may be that mod_authz_default needs to always load last, which would be a bug in apache2.