You are viewing a plain text version of this content. The canonical link for it is here.
Posted to apache-bugdb@apache.org by Brian Behlendorf <br...@hyperreal.org> on 1997/07/22 04:02:39 UTC
Re: mod_auth-any/735: require user/require group step on each
other
At 11:51 AM 7/21/97 -0400, David Birnbaum wrote:
>The "satisfy" directive seems to work only on IP address/(user/group)
>combinations, but does not fix the error for user/group combinations only.
True, my mistake.
>Set up an .htaccess file as follows:
>
>AuthType Basic
>AuthName flatiron.org Statistics
>AuthDBMUserFile /usr/local/httpd/.access/passwd.http
>AuthDBMGroupFile /usr/local/httpd/.access/group.http
>require valid-user
>require group tech
>require user davidb
First, "require valid-user" isn't necessary...
Second: it appears you are right, that the logic for multiple requires
lines is not a union. I am wary, however, of changing this logic, for this
is the way it's worked for a long time now, and shifting this may cause
someone's security model to break. It's very easy to work around - give
"david" his own group, and user two "require group" lines, or "require
group tech davidsgroup". I also noticed, oddly enough, that if one uses a
non-DBM group file, then this works as expected. Hmm!
Authentication will get a major revamp in a future version of Apache, we
realize the semantic limits of the current config file format.
Brian
--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--
"Why not?" - TL brian@organic.com - hyperreal.org - apache.org