httpd-users mailing list archives

From Jim Strickland <j...@americanroamer.com>
Subject Re: [users@httpd] Password protected folder within another password protected folder
Date Tue, 16 Mar 2004 17:44:20 GMT
Okay. Hopefully there is nothing wrong with this email. This should be 
going out as plain text (I thought I had the previous emails set to do 
so. My bad.), and hopefully I will have all paragraphs separated properly.

I tried your example and still couldn't get it to work. However, I did 
arrive at a solution, which I think is pretty much the same as your 
example. Instead of creating a link to an outside folder for this 
individual in his company's client section, I just created a new client 
section for him and provided a link back to the company client section. 
This seems to be working properly.

Thanks for your help. In some ways, Apache doesn't seem to offer a lot 
of the options that Microsoft's IIS does. However, I suppose that is 
also why Apache doesn't seem to fall victim to so many malicious 
attacks. Once again, thanks.

Boyle Owen wrote:

>Next gripe: Plain text please (see Cornell Sternbergh's recent note:
>http://marc.theaimsgroup.com/?l=apache-httpd-users&m=107935309712404&w=2
>)
>
>Assuming you've absorbed Joshua's comments about the distinction between
>unix and apache permissions etc., regarding your subject line: HTTP
>simply doesn't support nested authentication. Suppose you have dir1
>protected by realm1 and dir1/dir2 protected by realm2. Look what
>happens:
>
>- client: requests dir1
>- server: 401 realm1
>- c: pw prompt, sends creds for realm1, caches creds for use with dir1/*
>- s: serves dir1
>- c: requests dir1/dir2, with creds for realm1 (c thinks dir1/dir2 is
>still part of realm1)
>- s: 401 realm2 (creds1 don't match realm2)
>- c: pw prompt, sends creds realm2, caches who knows what...
>- s: creds2 don't match dir1 - 401
>- c & s are now all mixed up...
>
>The actual behaviour is browser-dependent: you can get pw prompts ad
>nauseam, or just a 401 unauthorised. 
>
>Ideas:
>
>- put the 2nd realm "next to" (ie, not a subdir of) the 1st realm and
>put a link to it from realm1. Then the two realms are parallel and can
>have separate authentication.
>
>- If you know John Doe's IP, use "Allow from jd's-ip" and "Satisfy any"
>at the first realm...
>
>- Forget basic authentication and implement it in something more
>powerful on the server-side (CGI, PHP, Cocoon) but this is getting a bit
>complicated...
>
>Rgds,
>Owen Boyle
>Disclaimer: Any disclaimer attached to this message may be ignored. 
>
>
>-----Original Message-----
>From: Jim Strickland [mailto:jims@americanroamer.com]
>Sent: Monday, 15 March 2004 22:22
>To: users@httpd.apache.org
>Subject: Re: [users@httpd] Password protected folder within another
>password protected folder
>
>
>Sorry about the paragraph. I was just typing as I was thinking and
>well...now you know how I think.
>
>Below is a copy of how I have this particular client section set up, with
>names changed to protect the guilty. Unfortunately, even though I have
>the private folder requiring a certain user, the regular client login is
>still accessing it. HELLLP!!!
>
><Directory "/var/www/html/abcdefg.com/client/03">
>AuthName "Joes Nails"
>AuthType Basic
>require valid-user
>AuthUserFile /clients/ClientPasswords/03/passwords
></Directory>
><Directory "/var/www/html/abcdefg.com/client/03/Proofing Area/John Doe">
>AuthName "Joes Nails"
>AuthType Basic
>require user johndoe
>AuthUserFile /clients/ClientPasswords/03/passwords
></Directory>
>
>Joshua Slive wrote:
>
>On Mon, 15 Mar 2004, Jim Strickland wrote:
>  
>I'm guessing that there is an important step I am missing.
>Could someone please identify what that step is?
>    
>
>I think the first step you are missing is paragraphs in your question.
>Wheh.
>
>Anyway, your main problem seems to be that you are mixing up apache
>permissions and unix permissions.  These two are almost orthogonal.  As
>far as apache is concerned, the only thing that is important is that the
>User/Group specified in httpd.conf can read ALL the files that apache
>needs to serve.  The rest of the access configuration should be done
>entirely at the httpd.conf/.htaccess level, not at the file permission
>level.  So, for example, you can make all your files world-readable and
>then do
>
><Directory /path/to/private/>
>AuthName private
>AuthUserFile ...
>AuthType Basic
>require user company1 person1
></Directory>
>
><Directory /path/to/private/individual>
>AuthName private
>AuthUserFile ...
>AuthType Basic
>require user person1
></Directory>
>
>Joshua.
>
>---------------------------------------------------------------------
>The official User-To-User support forum of the Apache HTTP Server
>Project.
>See <URL:http://httpd.apache.org/userslist.html> for more info.
>To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>   "   from the digest: users-digest-unsubscribe@httpd.apache.org
>For additional commands, e-mail: users-help@httpd.apache.org

-- 
James Strickland - MCP
IT Manager
American Roamer
901-377-8585
http://www.americanroamer.com
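
An added example, not part of the original messages: a small audit script that finds password-protected `<Directory>` sections nested inside other protected sections and reports whether the inner one reuses the outer realm (the layout in Joshua's example) or declares a different one (the nested-realm case Owen describes). The sample configuration is constructed from the sections quoted in the thread; the `03-johndoe` section and its realm name are hypothetical stand-ins for the parallel layout.

```python
import re
import shlex
from pathlib import PurePosixPath

# Constructed sample: the two sections quoted in the thread plus a hypothetical
# "parallel" section (client/03-johndoe) of the kind suggested as a workaround.
SAMPLE_CONF = '''
<Directory "/var/www/html/abcdefg.com/client/03">
AuthName "Joes Nails"
AuthType Basic
require valid-user
</Directory>
<Directory "/var/www/html/abcdefg.com/client/03/Proofing Area/John Doe">
AuthName "Joes Nails"
AuthType Basic
require user johndoe
</Directory>
<Directory "/var/www/html/abcdefg.com/client/03-johndoe">
AuthName "John Doe Proofs"
AuthType Basic
require user johndoe
</Directory>
'''

SECTION = re.compile(r'<Directory\s+(.+?)\s*>(.*?)</Directory>', re.S | re.I)

def parse_sections(conf):
    """Return {path: {'authname': str or None, 'require': [str, ...]}}."""
    sections = {}
    for raw_path, body in SECTION.findall(conf):
        path = PurePosixPath(shlex.split(raw_path)[0])  # quoted paths may contain spaces
        entry = {'authname': None, 'require': []}
        for line in body.splitlines():
            words = shlex.split(line, comments=True)
            if not words:
                continue
            key = words[0].lower()  # directive names are case-insensitive
            if key == 'authname':
                entry['authname'] = ' '.join(words[1:])
            elif key == 'require':
                entry['require'].append(' '.join(words[1:]))
        sections[path] = entry
    return sections

def nested_protected(conf):
    """List (outer, inner, same_realm) for protected dirs nested in protected dirs."""
    secs = {p: s for p, s in parse_sections(conf).items() if s['require']}
    # Compare path components, not string prefixes: "03-johndoe" is not under "03".
    return sorted((str(o), str(i), secs[o]['authname'] == secs[i]['authname'])
                  for o in secs for i in secs if o in i.parents)
```

Calling `nested_protected(SAMPLE_CONF)` reports only the `John Doe` directory under `client/03`; the parallel `03-johndoe` section is not nested and is left out.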



