On Tue, January 21, 2014 12:39, James B. Byrne wrote:
> CentOS-6.5-i86_64
> httpd-2.2.15 (CentOS)
>
> I have a problem with configuring directory access using groups. We have a
> site with multiple sub-directories. We have several groups defined. We have
> the entire site protected at the root by digest authentication and some of the
> sub-directories protected by:
>
> <Directory /protect/directory/path>
>   Require group xxxxx
> </Directory>
>
> All directives are contained in the virtual web site configuration file. We
> are not using .htaccess files.
>

The documentation website for Apache-httpd-2.2 says this:

https://httpd.apache.org/docs/2.2/howto/htaccess.html#page-header

When (not) to use .htaccess files

In general, you should only use .htaccess files when you don't have access to
the main server configuration file. There is, for example, a common
misconception that user authentication should always be done in .htaccess
files, and, in more recent years, another misconception that mod_rewrite
directives must go in .htaccess files. This is simply not the case. You can
put user authentication configurations in the main server configuration, and
this is, in fact, the preferred way to do things. Likewise, mod_rewrite
directives work better, in many respects, in the main server configuration.

However, my experience indicates that this statement is simply wrong when it
speaks of authentication in the main configuration file.

Contents of virtual host configuration file:

<Directory />
  AuthType Digest
  AuthName ca.harte-lyne
  AuthDigestDomain /
  AuthDigestProvider file
  AuthUserFile /etc/httpd/access.d/.htdigest
  AuthGroupFile /var/data/hll_dav/htgroup
  Require all denied
</Directory>

<Directory /HLL_Administration/Payroll>
  AuthType Digest
  AuthName ca.harte-lyne
  AuthDigestDomain /HLL_Administration/Payroll
  AuthDigestProvider file
  AuthUserFile /etc/httpd/access.d/.htdigest
  AuthGroupFile /var/data/hll_dav/htgroup
  Require group payroll
</Directory>

No .htaccess file in directory.

Result, no-one can authenticate.

Contents of virtual host configuration file:

<Directory />
  AuthType Digest
  AuthName ca.harte-lyne
  AuthDigestDomain /
  AuthDigestProvider file
  AuthUserFile /etc/httpd/access.d/.htdigest
  AuthGroupFile /var/data/hll_dav/htgroup
  Require all denied
</Directory>

<Directory /HLL_Administration/Payroll>
</Directory>

With .htaccess file containing:

<---
AuthType Digest
AuthName ca.harte-lyne
AuthDigestDomain /HLL_Administration/Payroll
AuthDigestProvider file
AuthUserFile /etc/httpd/access.d/.htdigest
AuthGroupFile /var/data/hll_dav/htgroup
Require group payroll
--->

And authentication works as expected. Users in the payroll group can
authenticate and users outside the payroll group cannot.

--
***          E-Mail is NOT a SECURE channel          ***
James B. Byrne                mailto:ByrneJB@xxxxxxxxxxxxx
Harte & Lyne Limited          http://www.harte-lyne.ca
9 Brockley Drive              vox: +1 905 561 1241
Hamilton, Ontario             fax: +1 905 561 0757
Canada  L8E 3C3
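
Added example, not part of the original message and not code from Apache httpd: a Python check that every member of a group in an AuthGroupFile has a well-formed entry for the AuthName realm in the htdigest AuthUserFile, one thing to rule out when a "Require group" rule under digest authentication rejects users. The realm and group names come from the message; the users, passwords and file contents are constructed.

```python
import hashlib

REALM = "ca.harte-lyne"  # AuthName from the configuration in the message
GROUP = "payroll"        # group named in "Require group payroll"

def ha1(user, realm, password):  # htdigest stores MD5(user:realm:password) as hex
    return hashlib.md5(f"{user}:{realm}:{password}".encode()).hexdigest()

# Constructed sample files: users and passwords are invented for this example.
HTDIGEST = "\n".join([
    f"alice:{REALM}:{ha1('alice', REALM, 'constructed-pw-1')}",
    f"bob:other-realm:{ha1('bob', 'other-realm', 'constructed-pw-2')}",
    f"dave:{REALM}:not-a-valid-hash",
])
HTGROUP = "# constructed group file\npayroll: alice bob carol dave\nstaff: alice\n"

def parse_htdigest(text):
    """Map (user, realm) -> stored hash for each user:realm:hash line."""
    entries = {}
    for line in map(str.strip, text.splitlines()):
        if not line or line.startswith("#") or line.count(":") < 2:
            continue
        user, rest = line.split(":", 1)
        realm, digest = rest.rsplit(":", 1)
        entries[(user, realm)] = digest.lower()
    return entries

def parse_htgroup(text):
    """Map group -> set of members for each 'group: user1 user2' line."""
    groups = {}
    for line in text.splitlines():
        name, sep, members = line.partition(":")
        if sep and not line.lstrip().startswith("#"):
            groups.setdefault(name.strip(), set()).update(members.split())
    return groups

def audit_group(htdigest, htgroup, realm, group):
    """Report, per group member, whether a usable entry exists for the realm."""
    entries, report = parse_htdigest(htdigest), {}
    for user in sorted(parse_htgroup(htgroup).get(group, ())):
        digest = entries.get((user, realm))
        if digest is None:
            others = sorted(r for (u, r) in entries if u == user)
            report[user] = f"only in realm(s) {others}" if others else "no entry"
        elif len(digest) != 32 or set(digest) - set("0123456789abcdef"):
            report[user] = "malformed hash"
        else:
            report[user] = "ok"
    return report
```

Calling audit_group(HTDIGEST, HTGROUP, REALM, GROUP) on the constructed data reports alice as ok, bob as present only under another realm, carol as having no entry and dave as having a malformed hash.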