httpd-dev mailing list archives

From "Brad Nicholes" <BNICHO...@novell.com>
Subject Re: SatisfyOne
Date Tue, 01 May 2007 14:18:53 GMT
>>> On 4/30/2007 at 10:13 AM, in message
<20070430161358.GF20943@quartz.itdept.newn.cam.ac.uk>, Patrick Welche
<prlw1@newn.cam.ac.uk> wrote:
> On Fri, Apr 27, 2007 at 03:44:08PM -0600, Brad Nicholes wrote:
>> >>> On 4/27/2007 at 11:30 AM, in message
>> <20070427173016.GB8008@quartz.itdept.newn.cam.ac.uk>, Patrick Welche
>> <prlw1@newn.cam.ac.uk> wrote:
> ...
>> > Using httpd trunk 529626, of Apr 19 2007, I tried a FAQ configuration
>> > with the new authentication framework:
>> > 
>> > <Directory "/usr/local/share/httpd/htdocs/learn">
>> >     AuthType basic
>> >     AuthName "raven test"
>> >     AuthBasicProvider file
>> >     AuthUserFile /usr/local/etc/pass.txt
>> >     <SatisfyOne>
>> >         Require host quartz.itdept.newn.cam.ac.uk
>> >         Require ip 192.168.200.180
>> >         Require valid-user
>> >     </SatisfyOne>
>> > </Directory>
> ...
>> It's beginning to look like Order, Allow, Deny, Satisfy can't be deprecated
>> after all.  However I still think that there is a usefulness for the same
>> type of authorization rules defined by "require".
> 
> Indeed, translating to the compat form:
> 
> <Directory "/usr/local/share/httpd/htdocs/learn">
>     AuthType basic
>     AuthName "raven test"
>     AuthBasicProvider file
>     AuthBasicAuthoritative Off
>     AuthUserFile /usr/local/etc/httppwddb
>     Order Deny,Allow
>     Deny from All
>     Allow from quartz.itdept.newn.cam.ac.uk 192.168.200.180
>     Require valid-user
>     Satisfy Any
> </Directory>
> 
> behaves as expected.
> 
> Cheers,
> 
> Patrick

I'm a little surprised to hear that.  Are you sure that you cleared out your authenticated
session cache before you tested the new configuration?  As the code stands now, you would
have had to go through the authentication hook which, no matter what the access_control hook
said, would have forced a prompt for a user name and password if it didn't already exist in
the header.  It's always good to hear that things are working correctly, but in this case
I am a little surprised.

Brad
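
The difference discussed in this message, as an added example that is not part of the original e-mail or of httpd: a simplified Python model comparing "Satisfy Any" in the compat configuration with the flow described in the reply, where the authentication hook runs whatever the access check said. The user name, password, client addresses and function names are constructed for illustration.

```python
import hmac
import ipaddress

# Constructed stand-ins for the quoted configuration (not real httpd code).
ALLOWED_HOSTS = {"quartz.itdept.newn.cam.ac.uk"}             # Allow from <host>
ALLOWED_NETS = [ipaddress.ip_network("192.168.200.180/32")]  # Allow from <ip>
USERS = {"alice": "constructed-password"}                    # stands in for AuthUserFile

def host_allowed(client_ip, reverse_dns=None):
    """Order Deny,Allow + Deny from All + Allow from <host> <ip>."""
    ip = ipaddress.ip_address(client_ip)
    return reverse_dns in ALLOWED_HOSTS or any(ip in net for net in ALLOWED_NETS)

def valid_user(credentials):
    """Require valid-user: any known user presenting the right password."""
    if credentials is None:
        return False
    user, password = credentials
    expected = USERS.get(user)
    return expected is not None and hmac.compare_digest(expected, password)

def satisfy_any(client_ip, reverse_dns=None, credentials=None):
    """Satisfy Any: the host check OR the user check is enough."""
    if host_allowed(client_ip, reverse_dns) or valid_user(credentials):
        return 200
    return 401  # neither passed: challenge for credentials

def auth_hook_first(client_ip, reverse_dns=None, credentials=None):
    """Flow described in the reply: authentication runs whatever the access
    check said, so a request without valid credentials is challenged."""
    return 200 if valid_user(credentials) else 401

# Constructed sample requests: (label, client_ip, reverse_dns, credentials)
REQUESTS = [
    ("allowed IP, no credentials", "192.168.200.180", None, None),
    ("allowed host, no credentials", "10.0.0.5", "quartz.itdept.newn.cam.ac.uk", None),
    ("other host, no credentials", "203.0.113.9", None, None),
    ("other host, valid user", "203.0.113.9", None, ("alice", "constructed-password")),
    ("other host, wrong password", "203.0.113.9", None, ("alice", "guess")),
]

def compare():
    """Return (label, satisfy_any status, auth_hook_first status) per request."""
    return [(label, satisfy_any(ip, rdns, cred), auth_hook_first(ip, rdns, cred))
            for label, ip, rdns, cred in REQUESTS]

if __name__ == "__main__":
    for label, compat, hooked in compare():
        flag = "  <-- differs" if compat != hooked else ""
        print(f"{label:30} Satisfy Any={compat}  auth-hook-first={hooked}{flag}")
```

The only rows that differ are the allowed-IP and allowed-host requests sent without credentials, which is the case a cached authenticated session would hide during testing.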

