Return-Path: 
 <users-return-64942-apmail-httpd-users-archive=httpd.apache.org@httpd.apache.org>
Delivered-To: apmail-httpd-users-archive@www.apache.org
Received: (qmail 46231 invoked from network); 20 Jul 2006 19:50:22 -0000
Received: from hermes.apache.org (HELO mail.apache.org) (209.237.227.199)
  by minotaur.apache.org with SMTP; 20 Jul 2006 19:50:22 -0000
Received: (qmail 71010 invoked by uid 500); 20 Jul 2006 18:01:38 -0000
Delivered-To: apmail-httpd-users-archive@httpd.apache.org
Received: (qmail 70969 invoked by uid 500); 20 Jul 2006 18:01:38 -0000
Mailing-List: contact users-help@httpd.apache.org; run by ezmlm
Precedence: bulk
Reply-To: users@httpd.apache.org
list-help: <mailto:users-help@httpd.apache.org>
list-unsubscribe: <mailto:users-unsubscribe@httpd.apache.org>
List-Post: <mailto:users@httpd.apache.org>
List-Id: <users.httpd.apache.org>
Delivered-To: mailing list users@httpd.apache.org
Received: (qmail 70930 invoked by uid 99); 20 Jul 2006 18:01:37 -0000
Received: from asf.osuosl.org (HELO asf.osuosl.org) (140.211.166.49)
    by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 20 Jul 2006 11:01:37 -0700
X-ASF-Spam-Status: No, hits=-0.0 required=10.0
	tests=SPF_HELO_PASS,SPF_PASS
X-Spam-Check-By: apache.org
Received-SPF: pass (asf.osuosl.org: domain of paredes@aecom.yu.edu designates
 129.98.1.16 as permitted sender)
Received: from [129.98.1.16] (HELO mailgw.aecom.yu.edu) (129.98.1.16)
    by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 20 Jul 2006 11:01:36 -0700
Received: from mailvx.aecom.yu.edu (mailvx.aecom.yu.edu [129.98.1.17])
	by mailgw.aecom.yu.edu (8.12.11.20060308/8.12.11) with SMTP id k6KI1ANv026742
	for <users@httpd.apache.org>; Thu, 20 Jul 2006 14:01:12 -0400
Received: from post.aecom.yu.edu ([129.98.1.100])
 by mailvx.aecom.yu.edu (SAVSMTP 3.1.1.32) with SMTP id M2006072014011011554
 for <users@httpd.apache.org>; Thu, 20 Jul 2006 14:01:10 -0400
Received: from [129.98.48.37] (wernicke.aecom.yu.edu [129.98.48.37])
	by post.aecom.yu.edu (Postfix) with ESMTP id 7A88C25
	for <users@httpd.apache.org>; Thu, 20 Jul 2006 14:01:10 -0400 (EDT)
Message-ID: <44BFC4E6.90701@aecom.yu.edu>
Date: Thu, 20 Jul 2006 14:01:10 -0400
From: paredes <paredes@aecom.yu.edu>
User-Agent: Thunderbird 1.5.0.4 (Macintosh/20060530)
MIME-Version: 1.0
To: users@httpd.apache.org
References: <11BBAD2D3ADA85418C9E424CE164B29F0147E840@mail03.mailsource.co.uk>
In-Reply-To: 
 <11BBAD2D3ADA85418C9E424CE164B29F0147E840@mail03.mailsource.co.uk>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-Virus-Checked: Checked by ClamAV on apache.org
Subject: Re: [users@httpd] mod_auth_mysql
X-Spam-Rating: minotaur.apache.org 1.6.2 0/1000/N

Greetings Michael!

Which versions of apache and mod_auth_mysql are you using? What platform 
are you on? When you check your httpd.conf file is mod_auth being loaded?

Regards,

William  Paredes
Computer Based Education
Albert Einstein College of Medicine
Bronx, New York USA


Michael Luff wrote:
> Hi William,
> 	Thanks for your help on this one.  From what you and Elaine have
> written and from what I've read, this really ought to work but I'm still
> stuck with the all or nothing problem.
>
> If I modify my file as you suggest, anyone can get access without being
> prompted for a password, not just the IP I specify; if I comment out the
> 'satisfy any' line, I'm back to passwords for all.
>
> As we agree that the approach is valid, can anyone think of any other
> commands, directives etc somewhere else that might be having an effect
> on this?
>
> Many thanks,
> Michael.
>
> -----Original Message-----
> From: paredes [mailto:paredes@aecom.yu.edu] 
> Sent: 19 July 2006 23:52
> To: users@httpd.apache.org
> Subject: Re: [users@httpd] mod_auth_mysql
>
> Greetings Michael!
>
> What should work is the following:
>
> <Directory /var/www/localhost/htdocs>
>
> deny from all
> allow from 10.0.0.72
>
> AuthName "MailSource UK Intranet Zone, authentication required"
> AuthType Basic
> AuthMySQLHost localhost
> AuthMySQLEnable on
> AuthMySQLUser xxxxxxx
> AuthMySQLPassword xxxxxxx
> AuthMySQLDB auth
> AuthMySQLUserTable users
> AuthMySQLNameField user_name
> AuthMySQLPasswordField user_passwd
> AuthMySQLGroupTable groups
> AuthMySQLGroupField user_group
> Require group user admin
>
> satisfy any
>
> </directory>
>
> William Paredes
> Computer Based education
> Albert Einstein College of Medicine
> Bronx, New York USA
>
>
> Michael Luff wrote:
>   
>> Hi Elaine,
>>
>> Many thanks for the help, I've now got:
>>
>> <Directory /var/www/localhost/htdocs>
>>
>> AuthName "MailSource UK Intranet Zone, authentication required"
>>
>> AuthType Basic
>>
>> AuthMySQLHost localhost
>>
>> AuthMySQLEnable on
>>
>> AuthMySQLUser xxxxxxx
>>
>> AuthMySQLPassword xxxxxxx
>>
>> AuthMySQLDB auth
>>
>> AuthMySQLUserTable users
>>
>> AuthMySQLNameField user_name
>>
>> AuthMySQLPasswordField user_passwd
>>
>> AuthMySQLGroupTable groups
>>
>> AuthMySQLGroupField user_group
>>
>> # This next line controls which group(s) can access the resource
>>
>> AllowOverride none
>>
>> Require group user admin
>>
>> Order allow,deny
>>
>> Allow from 10.0.0.72
>>
>> Satisfy Any
>>
>> </Directory>
>>
>> But now anyone can access it, not just the IUP address I've specified!
>>     
>
>   
>> I can't seem to get around this all or nothing problem.
>>
>> Can you see anything I've done wrong?
>>
>> Regards,
>>
>> Michael.
>>
>> *From:* elaine [mailto:elaine@ccuec.unicamp.br]
>> *Sent:* 19 July 2006 13:49
>> *To:* users@httpd.apache.org
>> *Subject:* Re: [users@httpd] mod_auth_mysql
>>
>> Michael,
>>
>> Try to use the "allow" and "satisfy" directives.
>> This is an example, that we use to protect our intranet access :
>> (Note that the IP's and server name were modified, and we use the deny
>>     
>
>   
>> directive
>> to refuse connections from reception kiosk.)
>>
>> <Limit GET PUT POST>
>>
>> # Allow access only to authenticated users from MySQL
>> # or users that are in the intranet
>> # (except IP xx.xx.xx.xx : reception kiosk)
>>
>> require valid-user
>> Order allow,deny
>> Deny from xxx.xxx.xx.x
>>
>> # Allow access from our internal network without
>> # username and password
>>
>> Allow from example.com
>>
>> Satisfy any
>> </Limit>
>>
>>
>> You can read more details about Satisfy directive :
>>
>> http://httpd.apache.org/docs/2.2/mod/core.html#satisfy
>>
>> Regards,
>> Elaine
>>
>> Michael Luff wrote:
>>
>> Hi All,
>>
>> I've got mod_auth_mysql working nicely but I would like the users on 
>> my internal network not to have to enter a username and password, just
>>     
>
>   
>> people accessing from outside.
>>
>> I've tried various solutions using Order deny,allow; allow from and so
>>     
>
>   
>> forth but with no luck, I end up with everyone being prompted or
>>     
> no-one.
>   
>> Here's my unmodified <Directory> command from my httpd.conf that 
>> requires everyone to supply a password, can anyone suggest how I can 
>> modify it to allow access from 10.0.0?
>>
>> <Directory /var/www/localhost/htdocs>
>>
>> AuthName "authentication required"
>>
>> AuthType Basic
>>
>> AuthMySQLHost localhost
>>
>> AuthMySQLEnable on
>>
>> AuthMySQLUser xxxxxx
>>
>> AuthMySQLPassword xxxxxxx
>>
>> AuthMySQLDB auth
>>
>> AuthMySQLUserTable users
>>
>> AuthMySQLNameField user_name
>>
>> AuthMySQLPasswordField user_passwd
>>
>> AuthMySQLGroupTable groups
>>
>> AuthMySQLGroupField user_group
>>
>> # This next line controls which group(s) can access the resource
>>
>> require group user admin
>>
>> </Directory>
>>
>> Regards,
>>
>> *Michael Luff** *MSc B.Eng (Hons) MIET*
>> **Facilities & Systems Manager *
>>
>> T: +44 (0)20 8614 7604
>> F: +44 (0)20 8614 7601
>> M: +44 (0)7976 404956
>> E: Michael.luff@mailsource.co.uk
>>     
> <mailto:Michael.luff@mailsource.co.uk>
>   
>> *MailSource UK Limited *
>>
>> - Europe's leading specialist in integrated document delivery
>>     
> solutions
>   
>> - Holders of the RoSPA Health & Safety Gold Medal 2006/2007
>>
>> Northumberland House
>>
>> 15 Petersham Road
>>
>> Richmond-upon-Thames
>>
>> Surrey TW10 6TP
>>
>> *www.mailsource.co.uk <http://www.mailsource.co.uk/>*
>>
>> *MailSource UK Limited *
>>
>> - Europe's leading specialist in integrated document delivery
>>     
> solutions
>   
>> - Holders of the RoSPA Health & Safety Gold Medal 2006/2007
>>
>> Northumberland House
>>
>> 15 Petersham Road
>>
>> Richmond-upon-Thames
>>
>> Surrey TW10 6TP
>>
>> *www.mailsource.co.uk <http://www.mailsource.co.uk/>*
>>
>>     
>
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server
> Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>    "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>
> MailSource UK Limited     
>
> - Europe's leading specialist in integrated document delivery solutions
> - Holders of the RoSPA Health & Safety Gold Medal 2006/2007
>  
> Northumberland House           
> 15 Petersham Road                
> Richmond-upon-Thames         
> Surrey    TW10 6TP                
>                                                
>  
> www.mailsource.co.uk
>
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>    "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>
>   


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org