Re: [users@httpd] mod_auth_mysql

[paredes <paredes@xxxxxxxxxxxx>]

Greetings Michael!

Which versions of apache and mod_auth_mysql are you using? What platform 
are you on? When you check your httpd.conf file is mod_auth being loaded?

Regards,

William  Paredes
Computer Based Education
Albert Einstein College of Medicine
Bronx, New York USA


Michael Luff wrote:
> Hi William,
> 	Thanks for your help on this one.  From what you and Elaine have
> written and from what I've read, this really ought to work but I'm still
> stuck with the all or nothing problem.
>
> If I modify my file as you suggest, anyone can get access without being
> prompted for a password, not just the IP I specify; if I comment out the
> 'satisfy any' line, I'm back to passwords for all.
>
> As we agree that the approach is valid, can anyone think of any other
> commands, directives etc somewhere else that might be having an effect
> on this?
>
> Many thanks,
> Michael.
>
> -----Original Message-----
> From: paredes [mailto:paredes@xxxxxxxxxxxx] 
> Sent: 19 July 2006 23:52
> To: users@xxxxxxxxxxxxxxxx
> Subject: Re: [users@httpd] mod_auth_mysql
>
> Greetings Michael!
>
> What should work is the following:
>
> <Directory /var/www/localhost/htdocs>
>
> deny from all
> allow from 10.0.0.72
>
> AuthName "MailSource UK Intranet Zone, authentication required"
> AuthType Basic
> AuthMySQLHost localhost
> AuthMySQLEnable on
> AuthMySQLUser xxxxxxx
> AuthMySQLPassword xxxxxxx
> AuthMySQLDB auth
> AuthMySQLUserTable users
> AuthMySQLNameField user_name
> AuthMySQLPasswordField user_passwd
> AuthMySQLGroupTable groups
> AuthMySQLGroupField user_group
> Require group user admin
>
> satisfy any
>
> </directory>
>
> William Paredes
> Computer Based education
> Albert Einstein College of Medicine
> Bronx, New York USA
>
>
> Michael Luff wrote:
>   
> > Hi Elaine,
> >
> > Many thanks for the help, I've now got:
> >
> > <Directory /var/www/localhost/htdocs>
> >
> > AuthName "MailSource UK Intranet Zone, authentication required"
> >
> > AuthType Basic
> >
> > AuthMySQLHost localhost
> >
> > AuthMySQLEnable on
> >
> > AuthMySQLUser xxxxxxx
> >
> > AuthMySQLPassword xxxxxxx
> >
> > AuthMySQLDB auth
> >
> > AuthMySQLUserTable users
> >
> > AuthMySQLNameField user_name
> >
> > AuthMySQLPasswordField user_passwd
> >
> > AuthMySQLGroupTable groups
> >
> > AuthMySQLGroupField user_group
> >
> > # This next line controls which group(s) can access the resource
> >
> > AllowOverride none
> >
> > Require group user admin
> >
> > Order allow,deny
> >
> > Allow from 10.0.0.72
> >
> > Satisfy Any
> >
> > </Directory>
> >
> > But now anyone can access it, not just the IUP address I've specified!
> >     
>
>   
> > I can't seem to get around this all or nothing problem.
> >
> > Can you see anything I've done wrong?
> >
> > Regards,
> >
> > Michael.
> >
> > *From:* elaine [mailto:elaine@xxxxxxxxxxxxxxxx]
> > *Sent:* 19 July 2006 13:49
> > *To:* users@xxxxxxxxxxxxxxxx
> > *Subject:* Re: [users@httpd] mod_auth_mysql
> >
> > Michael,
> >
> > Try to use the "allow" and "satisfy" directives.
> > This is an example, that we use to protect our intranet access :
> > (Note that the IP's and server name were modified, and we use the deny
> >     
>
>   
> > directive
> > to refuse connections from reception kiosk.)
> >
> > <Limit GET PUT POST>
> >
> > # Allow access only to authenticated users from MySQL
> > # or users that are in the intranet
> > # (except IP xx.xx.xx.xx : reception kiosk)
> >
> > require valid-user
> > Order allow,deny
> > Deny from xxx.xxx.xx.x
> >
> > # Allow access from our internal network without
> > # username and password
> >
> > Allow from example.com
> >
> > Satisfy any
> > </Limit>
> >
> >
> > You can read more details about Satisfy directive :
> >
> > http://httpd.apache.org/docs/2.2/mod/core.html#satisfy
> >
> > Regards,
> > Elaine
> >
> > Michael Luff wrote:
> >
> > Hi All,
> >
> > I've got mod_auth_mysql working nicely but I would like the users on 
> > my internal network not to have to enter a username and password, just
> >     
>
>   
> > people accessing from outside.
> >
> > I've tried various solutions using Order deny,allow; allow from and so
> >     
>
>   
> > forth but with no luck, I end up with everyone being prompted or
> >     
> no-one.
>   
> > Here's my unmodified <Directory> command from my httpd.conf that 
> > requires everyone to supply a password, can anyone suggest how I can 
> > modify it to allow access from 10.0.0?
> >
> > <Directory /var/www/localhost/htdocs>
> >
> > AuthName "authentication required"
> >
> > AuthType Basic
> >
> > AuthMySQLHost localhost
> >
> > AuthMySQLEnable on
> >
> > AuthMySQLUser xxxxxx
> >
> > AuthMySQLPassword xxxxxxx
> >
> > AuthMySQLDB auth
> >
> > AuthMySQLUserTable users
> >
> > AuthMySQLNameField user_name
> >
> > AuthMySQLPasswordField user_passwd
> >
> > AuthMySQLGroupTable groups
> >
> > AuthMySQLGroupField user_group
> >
> > # This next line controls which group(s) can access the resource
> >
> > require group user admin
> >
> > </Directory>
> >
> > Regards,
> >
> > *Michael Luff** *MSc B.Eng (Hons) MIET*
> > **Facilities & Systems Manager *
> >
> > T: +44 (0)20 8614 7604
> > F: +44 (0)20 8614 7601
> > M: +44 (0)7976 404956
> > E: Michael.luff@xxxxxxxxxxxxxxxx
> >     
> <mailto:Michael.luff@xxxxxxxxxxxxxxxx>
>   
> > *MailSource UK Limited *
> >
> > - Europe's leading specialist in integrated document delivery
> >     
> solutions
>   
> > - Holders of the RoSPA Health & Safety Gold Medal 2006/2007
> >
> > Northumberland House
> >
> > 15 Petersham Road
> >
> > Richmond-upon-Thames
> >
> > Surrey TW10 6TP
> >
> > *www.mailsource.co.uk <http://www.mailsource.co.uk/>*
> >
> > *MailSource UK Limited *
> >
> > - Europe's leading specialist in integrated document delivery
> >     
> solutions
>   
> > - Holders of the RoSPA Health & Safety Gold Medal 2006/2007
> >
> > Northumberland House
> >
> > 15 Petersham Road
> >
> > Richmond-upon-Thames
> >
> > Surrey TW10 6TP
> >
> > *www.mailsource.co.uk <http://www.mailsource.co.uk/>*
> >
> >     
>
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server
> Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
>    "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
> For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
>
>
> MailSource UK Limited     
>
> - Europe's leading specialist in integrated document delivery solutions
> - Holders of the RoSPA Health & Safety Gold Medal 2006/2007
>  
> Northumberland House           
> 15 Petersham Road                
> Richmond-upon-Thames         
> Surrey    TW10 6TP                
>                                                
>  
> www.mailsource.co.uk
>
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
>    "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
> For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
>
>
>   


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
  "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx