[nycphp-talk] apache basic auth
michael
lists at genoverly.net
Mon Jan 23 20:57:06 EST 2006

I've read the apache docs and googled for this but I can't seem to find
a definitive answer. Can you run basic auth in nested directories? Or
does it inherit auth from above?

Say I have restrictions on the whole site with Tom, Dick, Harry, and
Jane in the 'normal' group file. I then have a directory (called
secret) in that site that I only want members of the group 'secret'
to be allowed: Tom, Dick, and Harry (no Jane).

<VirtualHost 10.10.10.03>
    ServerName subdomain.domain.com
    DocumentRoot /path/to/root/directory/

    # restrict whole site
    #################################
    <Directory "/path/to/root/directory">
        AuthType Basic
        AuthName "site restricted"
        AuthUserFile /path/to/password/file
        AuthGroupFile /path/to/group/file
        Require group normal
    </Directory>

    # restrict super secret directory
    #################################
    Alias /secret/ "/path/to/root/directory/deep/secret/"
    <Directory "/path/to/root/directory/deep/secret">
        AuthType Basic
        AuthName "super secret"
        AuthUserFile /path/to/password/file
        AuthGroupFile /path/to/group/file
        Require group secret
    </Directory>
</VirtualHost>

I have something similar to this set up. When I point my browser at
http://subdomain.domain.com I get prompted. I log on as Jane and can
see the site. I then go into the /secret/ directory and I do NOT get
prompted again! Unless I'm missing something, it looks like nested
auth does not work.

I've tried closing the browser and reopening the browser to clear
authentication remnants. Am I doing something wrong? Is there another
way to do what I'm trying to do?

I am aware basic auth is not secure, but I want to get this basic
concept to work first. Then I will use encryption.

--
Michael
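
Added example (not part of the original post): a small Python model of the outcome the posted configuration should give, using Apache's rule that <Directory> sections are merged from the shortest path to the longest and that the Require of the most specific matching section replaces the inherited one. The group file contents are constructed from the membership described in the post, and the function names are hypothetical.

```python
import posixpath

# Constructed AuthGroupFile contents matching the membership described in the post.
GROUP_FILE = """\
normal: Tom Dick Harry Jane
secret: Tom Dick Harry
"""

# (directory, required group) pairs copied from the two <Directory> blocks.
SECTIONS = [
    ("/path/to/root/directory", "normal"),
    ("/path/to/root/directory/deep/secret", "secret"),
]

def parse_groups(text):
    """Parse AuthGroupFile syntax: one 'group: user1 user2 ...' entry per line."""
    groups = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        name, _, members = line.partition(":")
        groups.setdefault(name.strip(), set()).update(members.split())
    return groups

def effective_group(path, sections=SECTIONS):
    """Group required at a filesystem path: the most specific section wins."""
    path = posixpath.normpath(path)
    required = None
    # Shortest directory first, so a longer match overwrites a shorter one.
    for directory, group in sorted(sections, key=lambda s: len(s[0].split("/"))):
        directory = posixpath.normpath(directory)
        if path == directory or path.startswith(directory + "/"):
            required = group
    return required

def is_authorized(user, path, groups):
    """True if the user is in the group required at path (or none is required)."""
    group = effective_group(path)
    return group is None or user in groups.get(group, set())

def audit(groups, path):
    """Map every user named in the group file to allowed/denied for path."""
    users = set().union(*groups.values())
    return {u: is_authorized(u, path, groups) for u in sorted(users)}

if __name__ == "__main__":
    print(audit(parse_groups(GROUP_FILE), "/path/to/root/directory/deep/secret/"))
```

Feeding the real group file to parse_groups shows whether Jane is listed under 'secret'; if she is not and the server still lets her in, the effective configuration for that path differs from the second block as posted.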