Hello List: My goal is to base web access control on the underlying Unix file system group access. I'm using: - AuthzUnixgroup (Third-party module which effectively replaces AuthGroupFile with /etc/group. http://www.unixpapa.com/mod_authz_unixgroup/) - Apache's "Require file-group" mechanism (mod_authz_owner) We experience two prohibitively annoying side-effects of this, and I need help with #2: 1) Every request for a missing file results in a request for reauthentication. To solve this, I've added rewrite rules which check for file existence. If a requested file doesn't exist, it rewrites the request to an informative php script. This works well. 2) A request for an existing file to which the authenticated user is not authorized results in the desired request for reauthentication and access denial. However, when the user then returns to a file to which s/he is authorized, s/he is again forced to reauth. It's as if the user's login is forgotten after every step out-of-bounds. Is this the expected behavior for "Require file-group"? If so, can anyone recommend a friendlier work-around? -- We're at: Solaris8, apache-2.2.4, SSL is enabled. ############################################################################# <Directory /web/htdocs/TJB_TEST > AllowOverride None order deny,allow deny from all allow from .example.com Options SymLinksIfOwnerMatch IncludesNOEXEC Indexes DirectoryIndex /DirectoryIndexer.php AuthName "TJB_TEST Access Controls Test" AuthType Basic AuthBasicProvider file AuthUserFile /web/conf/Password.cfg AuthzOwnerAuthoritative on AuthzUnixgroup on Require file-group Satisfy all </directory> ############################################################################# Thanks! --Tom --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx