Recipe 6.6 Requiring Both Weak and Strong Authentication

Problem

You want to require both weak and strong authentication for a particular resource. For example, you wish to ensure that the user accesses the site from a particular location and to require that he provides a password.

Solution

Use the Satisfy directive to require both types of authentication:

<Directory /www/htdocs/sensitive>             # Enforce all restrictions     Satisfy All     # Require a password     AuthType Basic     AuthName Sensitive     AuthUserFile /www/passwords/users     AuthGroupFile /www/passwords/groups     Require group salesmen     # Require access from a certain network     Order deny,allow     Deny from all     Allow from 192.168.1 </Directory>

Discussion

In this example, a user must provide a login, identifying him as a member of the salesmen group, and he must also use a machine on the 192.168.1 network.

The Satisfy All directive requires that all access control measures be enforced for the specified scope. A user accessing the resource from a nonmatching IP address will immediately receive a Forbidden error message in his browser, while, in the logfile, the following error message is logged:

[Sun May 25 15:31:53 2003] [error] [client 208.32.53.7] client denied by server  configuration: /usr/local/apache/htdocs/index.html

Users who are in the required set of IP addresses, however, receive a password dialog box and are required to provide a valid username and password.

See Also

  • Recipe 6.9



Apache Cookbook
Apache Cookbook: Solutions and Examples for Apache Administrators
ISBN: 0596529945
EAN: 2147483647
Year: 2006
Pages: 215

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net