You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@httpd.apache.org by Rob Hartill <ha...@ooo.lanl.gov> on 1995/09/14 21:21:10 UTC

Access restrictions based on domain

A number of people (probably coming from NCSA servers) are getting
tripped up trying to do authorization based on domain exclusion

The NCSA docs and examples suggest that 

AuthUserFile
AuthGroupFile
AuthName
AuthType

need to be defined, even though (AFAIK) none of them make the slightest
bit of difference to authorisation based on domain exclusion.

e.g. NCSA examples suggest,

AuthUserFile /dev/null
AuthGroupFile /dev/null

Apache barfs when it sees some/all Auth* lines, and insists on
prompting for a user/password, even though they aren't required.

Here are 3 solutions (others might exist),

  1) document Apache authorization / access control
  2) "fix" Apache
  3) both of the above



rob
--
http://nqcd.lanl.gov/~hartill/