The config for mod_auth_mysql is deployed as file in modules.d which causes the module to be loaded at the end of http.conf. It seems that more specific modules must be loaded before the basic modules are loaded (e.g see comment at http://www.ritter-it.de/howto/apache_mysql.html). The basic authentication modules are loaded earlier in http.conf. Reproducible: Always Steps to Reproduce: 1. install apache 2.2 and mod_auth_mysql 2. create a sample .htaccess using only mysql auth 3. access the resource 4. watch the error log Actual Results: Internal Server Error,logs show [Sun Apr 13 19:42:27 2008] [error] Internal error: pcfg_openfile() called with NULL filename [Sun Apr 13 19:42:27 2008] [error] [client 89.31.140.24] (9)Bad file descriptor : Could not open password file: (null), referer: ... Adding an AuthUserFile directive to the .htaccess eliminates the Internal Server Error but authenticates just against the given files and denies access if no user is found. Adding "AuthBasicAuthoritative Off" solves the problem, too, but hinders usage of mysql and basic auth at once.
Changing the order of files as suggested by the first post breaks basic auth ununsable. As with apache 2.2 the mod_auth_basic module is set authoritative by default, it must be disabled by: AuthBasicAuthoritative Off This reenables Authentication against mysql, but apache still tries to find and open a userfile, which is usually not specified. Workaround: Add "AuthUserFile /dev/null", which can be done either for each Mysql authentication directive or globally for the whole webroot. I suggest putting a suitable line somewhere into the default configuration to get rid of the errors.
