httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Rainer Jung <rainer.j...@kippdata.de>
Subject How to combine IP and user based AAA without Satisfy?
Date Wed, 16 Dec 2009 13:57:16 GMT
Hi,

during a test migration from 2.2 to 2.4 I noticed, that the new AAA does 
not allow to combine ip based AAA with user based.

The goal: allow access if either client ip address satisfies conditions 
or user authenticates via basic auth.

Until 2.2 one could use "Satisfy Any". The resulting config first 
checked the ip, and only prompted via basic auth, if the ip was not allowed.

In 2.4, *without* using the deprecated "Satisfy" via mod_access_compat, 
you will always be prompted by basic auth, because the ip addresses are 
only used during authz which comes after authn.

Is there any solution known to this? Should there be one? Would it make 
sense to not deprecate "Satisfy" because of this?

Regards,

Rainer


Mime
View raw message