httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From André Warnier ...@ice-sa.com>
Subject Re: [users@httpd] 'require' keyword
Date Fri, 21 Aug 2009 12:17:16 GMT
Melanie Pfefer wrote:
> Hi
> 
> I meant Eric's suggestion.
> 
> But, I sent the email too fast. In fact, I am not prompted for authentication when I
create a new and seperate location even though the Require user was put for that new location.
> 
> In fact I just noticed that I have also:
> 
> <Location /svn/ABC/>
> with the same ldap settings (require valid-user)
> 
Getting back to some basics :
With "Basic Authentication" (which is what you are using, despite the 
fact that your back-end is an LDAP server), the directive "AuthName" is 
important.
Basically, any Location sections for which you use the same AuthName, is 
considered by the server and the browser as "one domain", and an 
authentication for one of these Locations is valid for all the Locations 
that have the same AuthName.
That is why, if a user authenticates once for a specific Location that 
has an "Authname X", and then accesses another Location that also has an 
"AuthName X", the user will not be asked to authenticate again, and his 
previous authentication will be "re-used".


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message