You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@httpd.apache.org by "Mr J.A. Gilbertson" <jg...@liverpool.ac.uk> on 2008/09/26 16:54:30 UTC

[users@httpd] Require user OR group and Satisfy Any

Hi,

We've currently moved from 2.0 to 2.2 and have noticed a difference in 
out .htaccess files under the two.

We use mod_auth(nz)_external on both and ahve a user and group auth 
program to authenticate/authorise.

In 2.0 with .htaccess containing:

Deny from All
AuthType Basic
#so only 2.2 apache uses it
<IfModule mod_authnz_external.c>
   AuthBasicProvider external
</IfModule>
AuthName "Access restricted to Maths Staff only"
AuthExternal LDAPUser
GroupExternal LDAPGroup
<Limit GET>
   require group ou=st,ou=foo,ou=bar,o=baz
   require user fred
   Satisfy Any
</Limit>

A user in group st,foo,bar,baz would get in, as would user fred.

In 2.2, it seems to check the user against fred, and then if that does 
not match, it doesn't even try the group auth (checked with the auth 
programs dumping debug info to files)

Is there some magic option that appeared between versions which we'v 
eoverlooked that could explain the change in behaviour?

-- 
John Gilbertson
The University of Liverpool

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org