Return-Path: X-Original-To: apmail-httpd-users-archive@www.apache.org Delivered-To: apmail-httpd-users-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id B062AD58A for ; Tue, 21 May 2013 10:27:56 +0000 (UTC) Received: (qmail 61713 invoked by uid 500); 21 May 2013 10:27:53 -0000 Delivered-To: apmail-httpd-users-archive@httpd.apache.org Received: (qmail 61373 invoked by uid 500); 21 May 2013 10:27:52 -0000 Mailing-List: contact users-help@httpd.apache.org; run by ezmlm Precedence: bulk Reply-To: users@httpd.apache.org list-help: list-unsubscribe: List-Post: List-Id: Delivered-To: mailing list users@httpd.apache.org Received: (qmail 61343 invoked by uid 99); 21 May 2013 10:27:51 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 21 May 2013 10:27:51 +0000 X-ASF-Spam-Status: No, hits=1.5 required=5.0 tests=HTML_MESSAGE,RCVD_IN_DNSWL_LOW,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (nike.apache.org: domain of v.damore@gmail.com designates 209.85.160.44 as permitted sender) Received: from [209.85.160.44] (HELO mail-pb0-f44.google.com) (209.85.160.44) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 21 May 2013 10:27:45 +0000 Received: by mail-pb0-f44.google.com with SMTP id wz12so481079pbc.3 for ; Tue, 21 May 2013 03:27:24 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :content-type; bh=ZPjP4HTNi09/NOkcfMDkYWr5hkpk0nS1eLTiMsxOCLI=; b=tfcyGX5rPKfnTbprdARMj0uKwN/oOeZHlNJxnii2qzNNNd8Zx3+mglQRrehQTJkvqR J2/Ctgyey9IGlc7b2UXXLkkoCu0fqUghHyEMXM80P5dkw2rYpPDRCJkhSndOMMfEXlQb dNZnsliDOMOp+NWw3yDTWBJIc4oOn/YZSY+zdkjdqly6Pc3W8D/Yvv6oQhZt3iqwgMM+ 24L5pjnLIMXd6T8eQfibRDyARjd8ncdB32X1YmNaNhCvDtIBcmw+SeH0GEwZSZ0sbnE5 ZNS/ZJTuDRKoofaWSdMiyOrkWFYfxfivj3TKVvRcgIIN9/TIYN0C36LqBDY9vQ/+dZAa qPeA== X-Received: by 10.68.231.65 with SMTP id te1mr1946091pbc.98.1369132044603; Tue, 21 May 2013 03:27:24 -0700 (PDT) MIME-Version: 1.0 Received: by 10.70.45.135 with HTTP; Tue, 21 May 2013 03:27:04 -0700 (PDT) In-Reply-To: <519B3CE1.7060600@shom.fr> References: <519B274F.5080307@yahoo.es> <519B3CE1.7060600@shom.fr> From: "Vincenzo D'Amore" Date: Tue, 21 May 2013 12:27:04 +0200 Message-ID: To: users@httpd.apache.org Content-Type: multipart/alternative; boundary=047d7b33ca602b58e504dd37e543 X-Virus-Checked: Checked by ClamAV on apache.org Subject: Re: [users@httpd] Authenticating with subfolders --047d7b33ca602b58e504dd37e543 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Hi Bruno, may be you're right, I read long time ago, but actually don't remember exactly the RFC. So now I have just implemented such configuration with Apache 2.2. Into the document root I have created a .htaccess with this configuration: AuthType Basic AuthName "Root Restricted Files" AuthBasicProvider file AuthUserFile /var/www/.htpasswd require valid-user After I created a directory /var/www/test1 where I have created a new .htaccess file with this configuration: AuthType Basic AuthName "Test1 Restricted Files" AuthBasicProvider file AuthUserFile /var/www/test1/.htpasswd require valid-user Into /var/www/.htpasswd there is: # htpasswd -bn root password root:UYMXijHR5MW42 Into /var/www/test1/.htpasswd there is: # htpasswd -bn test1 password1 test1:P5ENtSmla14FQ Well, it is working pretty well, please try it. I have also tried to add a third directory with different credential, every thinks works like a charm :) Best, Vincenzo 2013/5/21 Bruno Tr=C3=A9guier > Le 21/05/2013 =C3=A0 11:07, Vincenzo D'Amore a =C3=A9crit : > > Hi Miguel, > > > > yes it is possible, you could add a couple of file in each directory > > (.htaccess and .htpasswd). > > Those files should override the root authentication configuration with = a > > new local config. > > > > I suggest to read here how to implement such configuration: > > > > http://httpd.apache.org/docs/2.2/howto/auth.html > > Hello Vincenzo and Miguel, > > I've been looking for such a configuration as well long ago, and I had > come to the conclusion that it was not possible, as only *one* > Authorization header is allowed (as far as I know). > > RFC2616 (HTTP/1.1) also states, in its =C2=A714.8: > > "If a request is authenticated and a realm specified, the same > credentials SHOULD be valid for all other requests within this realm". > > So, as I undestand it, you cannot use a login/password pair for a local > resource accessible via, e.g., "/a/", and another login/password pair > for another local resources located "under", e.g. "/a/b/" (as accessing > /a/b/'s realm implies accessing "/a/'s realm first). > > I may be wrong, that being said, but if anyone has a solution for that, > I'd love to read how it was implemented. > > Regards, > > Bruno > > -- > - Service Hydrographique et Oceanographique de la Marine - DMGS/INF > - 13, rue du Chatellier - CS 92803 - 29228 Brest Cedex 2, FRANCE > - Phone: +33 2 98 22 17 49 - Email: Bruno.Treguier@shom.fr > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org > For additional commands, e-mail: users-help@httpd.apache.org > > --=20 Vincenzo D'Amore email: v.damore@gmail.com skype: free.dev mobile: +39 349 8513251 --047d7b33ca602b58e504dd37e543 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable
Hi Bruno,

may be you're right= , I read long time ago, but actually don't remember exactly the RFC.
So now I have just implemented such configuration with Apache= 2.2.

Into the document root I have created a .ht= access with this configuration:

A= uthType Basic
AuthName "Root Restricted Files"
AuthBasicProvider file
AuthUserFile /var/www/.htpasswd
require valid-user

After I created = a directory /var/www/test1 where I have created a new .htaccess file with t= his configuration:

AuthType Basic
AuthName &quo= t;Test1 Restricted Files"
AuthBasicProvider file
AuthUserFile /var/www/test1/.htpasswd
require valid-user

Into /var/www/.htpasswd =C2=A0there is:

# htpasswd -bn root password=C2=A0

root:UYMXijHR5MW42

Into =C2=A0/var/www/test1/.htpasswd there is:

# htpasswd -bn test1 password1

test1:P5ENtSmla14F= Q

Well, it is working pretty well, ple= ase try it.
I have also tried to add a third directory with different creden= tial, every thinks works like a charm :)

Best,
Vincenzo


2013/5/21 Bruno Tr=C3=A9guier <Br= uno.Treguier@shom.fr>
Le 21/05/2013 =C3=A0 11:07, Vincenzo D'Amore a =C3=A9crit :
> Hi Miguel,
>
> yes it is possible, you could add a couple of file in each directory > (.htaccess and .htpasswd).
> Those files should override the root authentication configuration with= a
> new local config.
>
> I suggest to read here how to implement such configuration:
>
> http://httpd.apache.org/docs/2.2/howto/auth.html

Hello Vincenzo and Miguel,

I've been looking for such a configuration as well long ago, and I had<= br> come to the conclusion that it was not possible, as only *one*
Authorization header is allowed (as far as I know).

RFC2616 (HTTP/1.1) =C2=A0also states, in its =C2=A714.8:

"If a request is authenticated and a realm specified, the same
credentials SHOULD be valid for all other requests within this realm".=

So, as I undestand it, you cannot use a login/password pair for a local
resource accessible via, e.g., "/a/", and another login/password = pair
for another local resources located "under", e.g. "/a/b/&quo= t; (as accessing
/a/b/'s realm implies accessing "/a/'s realm first).

I may be wrong, that being said, but if anyone has a solution for that,
I'd love to read how it was implemented.

Regards,

Bruno

--
- Service Hydrographique et Oceanographique de la Marine =C2=A0- =C2=A0DMGS= /INF
- =C2=A013, rue du Chatellier - =C2=A0CS 92803 =C2=A0- 29228 Brest Cedex 2,= FRANCE
- =C2=A0 =C2=A0 Phone: +33 2 98 22 17 49 =C2=A0- =C2=A0Email: Bruno.Treguier@shom.fr

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org




--
=
Vincenzo D'Amore
email: v.damore@gmail.com
skype: free.dev
m= obile: +39 349 8513251
--047d7b33ca602b58e504dd37e543--