httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Plüm, Rüdiger, VF EITO <>
Subject Re: Auth in Location: can one basic auth config override another?
Date Wed, 29 Nov 2006 11:59:07 GMT

> -----Ursprüngliche Nachricht-----
> Von: Graham Leggett 
> Gesendet: Mittwoch, 29. November 2006 12:31
> An:
> Betreff: Auth in Location: can one basic auth config override another?
> Hi all,
> After much experimentation with httpd v2.0, where an attempt 
> is made to
> set one basic auth policy for Location /, and a different basic auth
> policy for Location /bugzilla, it seems that regardless of 
> the order of
> the Location in the config file, the most general config always wins.
> In other words, it seems currently to be impossible to define 
> a different
> basic auth config in a subdirectory in an urlspace, if an 
> existing more
> general basic auth config exists for a parent directory.
> Can anyone who knows the AAA stuff better confirm whether 
> this is true or
> not?

I don't think so. I have the following configuration running successfully:

<Location /somewhere>
   Options None
   AllowOverride None
   DAV On
   AuthName "Access for somewhere"
   AuthType Basic
   AuthUserFile /opt/apache-2.0.55/conf/transfer/passwd.manager

   order allow,deny
   allow from all
   Satisfy all

   Options none
   ForceType application/octet-stream

 <LimitExcept OPTIONS>
   require user manager

<Location /somewhere/deeper/evendeeper>
   AuthName "Access for evendeeper"
 <LimitExcept OPTIONS>
   require user manager somebodyelse

If I go to /somewhere/deeper/evendeeper I get the correct Realm presented in the browser.



View raw message