Return-Path: 
 <users-return-72892-apmail-httpd-users-archive=httpd.apache.org@httpd.apache.org>
Delivered-To: apmail-httpd-users-archive@www.apache.org
Received: (qmail 95007 invoked from network); 2 Jun 2007 00:11:05 -0000
Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2)
  by minotaur.apache.org with SMTP; 2 Jun 2007 00:11:05 -0000
Received: (qmail 56075 invoked by uid 500); 2 Jun 2007 00:10:58 -0000
Delivered-To: apmail-httpd-users-archive@httpd.apache.org
Received: (qmail 56060 invoked by uid 500); 2 Jun 2007 00:10:57 -0000
Mailing-List: contact users-help@httpd.apache.org; run by ezmlm
Precedence: bulk
Reply-To: users@httpd.apache.org
list-help: <mailto:users-help@httpd.apache.org>
list-unsubscribe: <mailto:users-unsubscribe@httpd.apache.org>
List-Post: <mailto:users@httpd.apache.org>
List-Id: <users.httpd.apache.org>
Delivered-To: mailing list users@httpd.apache.org
Received: (qmail 56049 invoked by uid 99); 2 Jun 2007 00:10:57 -0000
Received: from herse.apache.org (HELO herse.apache.org) (140.211.11.133)
    by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 01 Jun 2007 17:10:57 -0700
X-ASF-Spam-Status: No, hits=2.0 required=10.0
	tests=HTML_MESSAGE,SPF_PASS
X-Spam-Check-By: apache.org
Received-SPF: pass (herse.apache.org: domain of lizkim270@gmail.com designates
 64.233.162.230 as permitted sender)
Received: from [64.233.162.230] (HELO nz-out-0506.google.com) (64.233.162.230)
    by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 01 Jun 2007 17:10:52 -0700
Received: by nz-out-0506.google.com with SMTP id v1so641298nzb
        for <users@httpd.apache.org>; Fri, 01 Jun 2007 17:10:31 -0700 (PDT)
DKIM-Signature: a=rsa-sha1; c=relaxed/relaxed;
        d=gmail.com; s=beta;
        h=domainkey-signature:received:received:message-id:date:from:to:subject:mime-version:content-type;
        b=IVbGSjInlWzKBaHCYlLvdLAk5ClwlDzInqry5MMOvfJJcTviAp/nrJwI4zcduAO9+o51yvxhodd6l4EDa5AR4dazAHa9F2pQuUeOjm52xwnQwLWY9+6N0WRlCQNDYqUo8Hd43z6I5o8Ebs8ylmSDMqSpa/t2JA3JusO/lwjaZ2w=
DomainKey-Signature: a=rsa-sha1; c=nofws;
        d=gmail.com; s=beta;
        h=received:message-id:date:from:to:subject:mime-version:content-type;
        b=on897iCYgcN2saFM9AOdWgev6kZdyhO59GyNNvLM8wiU992AIrqlqBssJwsSacShZZjXpkuvvXV7DkbEU3E6v8jSxV/wXUREE8fq2AGjAe1oD8RScMYfQ4IWyIRh++vMqM6wngvFCVu2TS8IWLOEByHSQ9bWCNmiM4aYYACZc1A=
Received: by 10.143.45.8 with SMTP id x8mr110839wfj.1180743031450;
        Fri, 01 Jun 2007 17:10:31 -0700 (PDT)
Received: by 10.142.111.11 with HTTP; Fri, 1 Jun 2007 17:10:31 -0700 (PDT)
Message-ID: <3e9f0ea0706011710w7f692885j2b2df6ae5dcf1f20@mail.gmail.com>
Date: Fri, 1 Jun 2007 17:10:31 -0700
From: "Liz Kim" <lizkim270@gmail.com>
To: users@httpd.apache.org
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----=_Part_7935_14375422.1180743031428"
X-Virus-Checked: Checked by ClamAV on apache.org
Subject: [users@httpd] Mutilayered Authentication

------=_Part_7935_14375422.1180743031428
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

Hello,

I have a question about multi-layered authentication.
Say there are 3 directories A, B and C
/A
/A/B
/A/B/C

1. Users with a login/password or on the <xxx.com> domain to be able to
access A:

<Directory /A>
 AuthUserFile a_passwd
 AuthType Basic
 Require valid-user
 order deny,allow
 deny from all
 allow from xxx.com
 Satisfy any
</Directory>

2. ONLY users on domain <yyy.com> are allowed to B:
<Directory /A/B>
 order deny,allow
 deny  from all
 allow from yyy.com
</Directory>

3. ONLY users on domain <zzz.com> are allow to C:
<Directory /A/B/C>
 order deny,allow
 deny  from all
 allow from zzz.com
</Directory>

It appears that both 2 and 3 are not working correctly.  They still prompt
for a login/password acting like a "Satisfy any"...
When I tried to put "Satisfy All" for 2 and 3, even the users coming from an
allowed domain are prompted for a login/passwd.

Any ways to turn these prompts for 2 and 3?

thank you!

------=_Part_7935_14375422.1180743031428
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

Hello,<br><br>I have a question about multi-layered authentication.<br>Say there are 3 directories A, B and C <br>/A<br>/A/B <br>/A/B/C<br><br>1. Users with a login/password or on the &lt;<a href="http://xxx.com">xxx.com</a>
&gt; domain to be able to access A:<br><br>&lt;Directory /A&gt;<br>&nbsp;AuthUserFile a_passwd<br>&nbsp;AuthType Basic<br>&nbsp;Require valid-user<br>&nbsp;order deny,allow<br>&nbsp;deny from all<br>&nbsp;allow from <a href="http://xxx.com">xxx.com</a>
<br>&nbsp;Satisfy any<br>&lt;/Directory&gt;<br><br>2. ONLY users on domain &lt;<a href="http://yyy.com">yyy.com</a>&gt; are allowed to B:<br>&lt;Directory /A/B&gt;<br>&nbsp;order deny,allow<br>&nbsp;deny&nbsp; from all<br>&nbsp;allow from <a href="http://yyy.com">
yyy.com</a><br>&lt;/Directory&gt;<br><br>3. ONLY users on domain &lt;<a href="http://zzz.com">zzz.com</a>&gt; are allow to C:<br>&lt;Directory /A/B/C&gt;<br>
&nbsp;order deny,allow<br>
&nbsp;deny&nbsp; from all<br>
&nbsp;allow from <a href="http://zzz.com">zzz.com</a><br>
&lt;/Directory&gt;<br>
<br>It appears that both 2 and 3 are not working correctly.&nbsp; They still prompt for a login/password acting like a &quot;Satisfy any&quot;...<br>When I tried to put &quot;Satisfy All&quot; for 2 and 3, even the users coming from an allowed domain are prompted for a login/passwd.
<br><br>Any ways to turn these prompts for 2 and 3?<br><br>thank you!<br><br>

------=_Part_7935_14375422.1180743031428--