diff -r -u cosign-2.0.2.orig/filters/apache/mod_cosign.c cosign-2.0.2/filters/apache/mod_cosign.c
--- cosign-2.0.2.orig/filters/apache/mod_cosign.c	2007-02-23 19:18:05.000000000 +0000
+++ cosign-2.0.2/filters/apache/mod_cosign.c	2007-03-06 15:58:18.000000000 +0000
@@ -934,7 +934,7 @@
         "the URL to deliver bad news about POSTed data" },
 
         { "CosignService", set_cosign_service,
-        NULL, RSRC_CONF | ACCESS_CONF, TAKE1,
+        NULL, RSRC_CONF | OR_AUTHCFG, TAKE1,
         "the name of the cosign service" },
 
         { "CosignProtected", set_cosign_protect,
@@ -974,7 +974,7 @@
 	"\"never\", \"initial\", or \"always\"" },
 
 	{ "CosignSiteEntry", set_cosign_siteentry,
-	NULL, RSRC_CONF | ACCESS_CONF, TAKE1,
+	NULL, RSRC_CONF | OR_AUTHCFG, TAKE1,
 	"\"none\" or URL to redirect for users who successfully authenticate" },
 
 	{ "CosignRequireFactor", set_cosign_factor,
@@ -990,7 +990,7 @@
 	"on or off, on allows you to accept faux factors, off denies access" },
 
 	{ "CosignAllowPublicAccess", set_cosign_public,
-	NULL, RSRC_CONF | ACCESS_CONF, FLAG,
+	NULL, RSRC_CONF | OR_AUTHCFG, FLAG,
 	"make authentication optional for protected sites" },
 
         { "CosignHttpOnly", set_cosign_http,
Only in cosign-2.0.2/filters/apache: mod_cosign.c.orig
diff -r -u cosign-2.0.2.orig/filters/apache2/mod_cosign.c cosign-2.0.2/filters/apache2/mod_cosign.c
--- cosign-2.0.2.orig/filters/apache2/mod_cosign.c	2007-02-24 22:20:09.000000000 +0000
+++ cosign-2.0.2/filters/apache2/mod_cosign.c	2007-03-06 15:58:42.000000000 +0000
@@ -930,7 +930,7 @@
         "the URL to deliver bad news about POSTed data" ),
 
         AP_INIT_TAKE1( "CosignService", set_cosign_service,
-        NULL, RSRC_CONF | ACCESS_CONF, 
+        NULL, RSRC_CONF | OR_AUTHCFG, 
         "the name of the cosign service" ),
 
         AP_INIT_FLAG( "CosignProtected", set_cosign_protect,
@@ -970,7 +970,7 @@
         "\"never\", \"initial\", or \"always\"" ),
 
         AP_INIT_TAKE1( "CosignSiteEntry", set_cosign_siteentry,
-        NULL, RSRC_CONF | ACCESS_CONF, 
+        NULL, RSRC_CONF | OR_AUTHCFG, 
         "\"none\" or URL to redirect for users who successfully authenticate" ),
 
         AP_INIT_RAW_ARGS( "CosignRequireFactor", set_cosign_factor,
@@ -986,7 +986,7 @@
         "on or off, on allows you to accept faux factors, off denies access" ),
 
         AP_INIT_FLAG( "CosignAllowPublicAccess", set_cosign_public,
-        NULL, RSRC_CONF | ACCESS_CONF, 
+        NULL, RSRC_CONF | OR_AUTHCFG, 
         "make authentication optional for protected sites" ),
 
         AP_INIT_FLAG( "CosignHttpOnly", set_cosign_http,
Only in cosign-2.0.2/filters/apache2: mod_cosign.c.orig