httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "William A. Rowe, Jr." <wr...@rowe-clan.net>
Subject Re: [users@httpd] Only require satisfaction of one AuthType in 2.2
Date Sat, 29 Sep 2007 01:17:41 GMT
Sorry - too many JJ's posting, had this confused.

Joel Johnson wrote:
> Does anyone have any thoughts, suggestions, pointers, tips or references on
> this issue?
> 
> On Mon, September 24, 2007 8:44 pm, Joel Johnson wrote:
>>
>> The problem I'm running into is in designating the authentication as
>> *optional*. For example, I'd like to setup a wiki at wiki.and have the
>> contents publicly accessible, but require authentication for edits. I'd like
>> to first offer Kerberos authentication, but if that fails than still allow
>> access. The application would then check REMOTE_USER and honor its value
>> if set, or fallback to internal authentication if desired. This will also
>> allow me to configure the server such that if a user is local and has
>> Kerberos
>> credentials they are seamlessly authenticated, but if not than I can have a
>> login screen authenticating internally against the same source. There are
>> several different ways that I will use this, but they all rely on optional
>> authentication support.
>>
>> The working exclusively-Kerberos relevant config is simply:
>> AuthType Kerberos
>> require valid-user
>>
>> I've tried using a "Satisfy any" directive as follows, but the "Allow from
>> all" seems to take precedence over any other method:
>> AuthType Kerberos
>> require valid-user
>> Allow from all
>> Satisfy any

Did you make sure that to the denied resources, you have toggled either
Deny from All
or
Satisfy All
which should force the authentication?  Beyond this, there's no way to
'optionally log in but not really if you don't want to'.

Bill

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message