Location location location

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

All,

I have a long-standing configuration for a private server where all
users must authenticate against our LDAP server. Something like this:

<Location "/">
  AuthType Basic
  Require ldap-group mygroup
</Location>

I'm trying to use certbot to get a TLS certificate for this domain
from Let's Encrypt, and I'm having trouble getting LE access to the
server: I keep getting "401 Authentication Required" responses.

I changed the configuration to the following:

<Location "/.well-known/">
  Order allow,deny
  Allow from all
  Require all granted
</Location>
<Location "/">
  AuthType Basic
  Require ldap-group mygroup
</Location>

And restarted. My LDAP stuff still works, but I can't access the
"/.well-known/" URL space without authenticating.

I don't have any other authentication-related items in this VirtualHost.

I believe by putting the exception-Location first in the configuration
file, I should be able to trump the general configuration affecting
the "/" URL-space, right?

Thanks,
- -chris
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBCAAGBQJXjRuEAAoJEBzwKT+lPKRYDZYQAJcvDQ+hmK36CEBA9jdDnBwY
p1SG/6dhB/dA6aUrn2O8BLKBnyQKZKeNvm4M4U0tDyxpgvbjivsvW38ZpQjfyi4s
BnJJtaBB1NRVC+/NGGy2iry47cRTRXjibY+CCpL6zKp4R1G0DcustjA8xS6k3PRd
7GTaViUJaHQ53tDT2lJRHhhG6QGunyUtzUBvF4+LaM2rGW0AOk7UrHreNeMibfNc
1k7LDlM6Y2m7k9GoKGy1sN0mpFIzC64xEsEunGN6Qk8OzCdUeOJShCm/T7Ka3rvE
uZp5LT5foqXLxJ56HiBqNyHo44s0KHuu5LX9CiPLInwyWNFKE2gxcTbKfyfZG5L6
ZBZbGYCqoptTO9nNDxa1uJ87UwfLseEf5YcbP+GAORmrllfi6o8dLgm1umN/KETK
auRqyrCFy+yTc6j24SRdqAB9p25RVm5FFsrRZcyIOlUos4hPnYhl5PZOs04qik0a
6LXbTTFvc8zBLSDUbZS0rSN/czvfc6R1kovvBZ9RfE6q4asg/ftAelTOF3Gef/TQ
JEE4zuBOTP/M1V6wXdjKMx0CZ4yL9GTJFHz5jMFEWXSwgzTuazAgN0q1PE2pk+94
sI/eDMJ1U3DnT8R/1ueYcPkEJF6yH7+z/HmOubx9/gSBZyWlGYUEu3CMxhqh0xIh
k96615lXGbZ1c3qCY9tG
=1Zj1
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux