*** empty log message ***

doc/WEBSERVER.txt

@@ -127,7 +127,7 @@ Zope authentication with existing web servers
   password, there is a good chance that your web server is not passing
   authentication information to Zope.
 
-  Tricking Apache to pass authentication headers
+  Getting Apache to pass authentication headers
 
     Before attempting to use your own Apache with Zope, it is highly
     recommended that you look at Zap.  Zap is a preconfigured and
@@ -141,7 +141,7 @@ Zope authentication with existing web servers
 
       http://www.zope.org/Download/Releases/Zap-1.1.0
 
-    If you are using Apache you will need to trick Apache into passing
+    If you are using Apache you will need to convince Apache to pass
     authentication headers to Zope. The easiest way to do this with
     Apache 1.3 and above is to use mod_rewrite. Here is an example of
     configuration information which you would place in an Apache conf
@@ -155,6 +155,15 @@ Zope authentication with existing web servers
     Note that the RewriteRule should be one long line, and that the last
     character is the letter l, not the number 1.
 
+    For Apache servers version 1.3b4 and above, there is an alternate way 
+    to get the server to pass through authorization headers, but you must
+    have the ability to recompile your Apache server binary. If you pass
+    the flag -DSECURITY_HOLE_PASS_AUTHORIZATION when compiling the server,
+    the resulting Apache binary will allow authorization headers to pass
+    through to CGI programs and you can avoid using the Rewrite rules
+    described above. Note that this
+
+
   Allowing your server to handle authentication itself
 
     Sometimes you may prefer to handle authentication outside Zope, for
@@ -267,4 +276,3 @@ Zope authentication with existing web servers
 
 
 
-