httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From hu...@sonic.net
Subject Re: [users@httpd] Apache authentication - require group AND (not OR) user
Date Tue, 14 Aug 2012 22:14:35 GMT
 You can have multiple 'require' lines to allow multiple groups and/or
users. So

 require group programmers
 require group secretaries
 require user joe

 "Require"s are OR-ed together, so anyone meeting a single criteria will
get allowed in, provided they enter the correct password of course. So your
check for "user is joe you need to have two separate files.

 hugh

 On Tue 14/08/12 14:30 , Ben Johnson ben@indietorrent.org sent:
 Hello,

 I've scoured the Internet for examples of how to implement logical
 operators where the "require" directive is concerned.

 The dearth of documentation and discussion regarding this subject leads
 me to believe that it has not been implemented, or was implemented at
 one time and then removed.

 This is the most thorough discussion I can find on the subject, which
 dead-ends:
 http://www.mombu.com/programming/linux/t-apache-22-both-require-user-and-require-group-739013.html
[1]">http://www.mombu.com/programming/linux/t-apache-22-both-require-user-and-require-group-739013.html

 My location block, which, at present, only allows one group
 ("programmers"), looks something like this:

 AuthType Basic
 AuthName "SVN Repository"
 AuthBasicProvider dbm
 AuthDBMType DB
 AuthDBMUserFile "/var/www/apache-users"
 AuthDBMGroupFile "/var/www/apache-users"
 require group programmers
 DAV svn
 AuthzSVNAccessFile /var/www/projects/svn-access-control.cfg
 SVNPath /var/www/svn/project

 Ideally, I wish to do something like the following (I'm using
 pseudo-code here, because it's probably easier to understand than plain
 English):

 if ($group === 'programmers' || ($group === 'clients && $user === 'joe'))
{
 //Allow access.
 }
 else {
 //Deny access.
 }

 Is this possible? Or do I need to give-up on controlling authentication
 at this level and instead focus on authorization within
 "svn-access-control.cfg"?

 Thanks for any help!

 -Ben

 ---------------------------------------------------------------------
 To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org [2]
 For additional commands, e-mail: users-help@httpd.apache.org [3]

 

Links:
------
[1]
http://www.mombu.com/programming/linux/t-apache-22-both-require-user-and-require-group-739013.html
[2] mailto:users-unsubscribe@httpd.apache.org
[3] mailto:users-help@httpd.apache.org

Mime
View raw message