[users@httpd] Re: Single Sign-On to Virtual Hosts

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

David Knecht wrote:
> This is probably a rather simple question related to single sign-on to
> virtual hosts. Although I did some research I need some advice that
> points me to the right direction...
>
> This is the environment:
>
> Virtual host A; Allowed users: administrator, user_a
> Virtual host B; Allowed users: administrator, user_b
> Virtual host C; Allowed users: administrator, user_a, user_c
>
> I'd like to create an administrator account using Apache's basic
> authentication feature. Whenever the administrator is successfully
> authenticated to one of these virtual hosts then no additional
> authentication/login should be required when accessing the other virtual
> hosts. The same applies to non-administrator users. Here, every
> individual user is allowed to login only to explicitely assigned virtual
> hosts.
>
> I am currently using this type of authentication definitions in every
> single virtual host container of my test setup:
>
> ...
> 	<Location "/xyz">
> 	        AuthType Basic
> 	        AuthName "Virtual Host A"
> 		AuthUserFile /etc/httpd/virtual_host_a_htpasswd
> 	        Require valid-user
> 	</Location>
> ...
>
> Every virtual host container is currently using its own AuthUserFile. I
> assume that using one single AuthUserFile (/etc/httpd/htpasswd) for all
> user definitions as well as "Require administrator user_a" etc. on every
> individual virtual host is the way to go. However, I did not manage to
> make the single sign-on work so far...

Something like this:

- Have all vhosts use the same AuthName
- Make a groups file with groups 'vhosta', 'vhostb' etc, and fill the
group with the members that may use that vhost
- require membership of the proper authgroup.

Once you start using different authnames, you can forget SSO, since a
different realm will be used for different vhosts.

Joost


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux