Mailing List Archive: Access restrictions based on domain

Access restrictions based on domain

Sep 14, 1995, 1:21 PM

Post #1 of 3 (344 views)

A number of people (probably coming from NCSA servers) are getting
tripped up trying to do authorization based on domain exclusion

The NCSA docs and examples suggest that

AuthUserFile
AuthGroupFile
AuthName
AuthType

need to be defined, even though (AFAIK) none of them make the slightest
bit of difference to authorisation based on domain exclusion.

e.g. NCSA examples suggest,

AuthUserFile /dev/null
AuthGroupFile /dev/null

Apache barfs when it sees some/all Auth* lines, and insists on
prompting for a user/password, even though they aren't required.

Here are 3 solutions (others might exist),

1) document Apache authorization / access control
2) "fix" Apache
3) both of the above

rob
--
http://nqcd.lanl.gov/~hartill/

Re: Access restrictions based on domain [ In reply to ]

rst at ai

Sep 14, 1995, 12:55 PM

Post #2 of 3 (348 views)

Permalink

I think that the way we're testing whether to require auth in a directory
is whether there is an AuthType listed. If that's not what NCSA does, the
interesting question is, what *does* it do? Sigh...

rst

Re: Access restrictions based on domain [ In reply to ]

hartill at ooo

Sep 14, 1995, 2:24 PM

Post #3 of 3 (346 views)

Permalink

>
> I think that the way we're testing whether to require auth in a directory
> is whether there is an AuthType listed. If that's not what NCSA does, the
> interesting question is, what *does* it do? Sigh...
>
> rst
>

I just looked at Apache 0.6.5. Following the code it looks the same
as described above.

I quoted the NCSA 1.4 documentation (as sent to us in a bug report).
Either 1.4 changed, or the documentation is wrong.

Whichever, Apache 0.8 behaves in a reasonable way (IMO), so I'd recomend
we make a note of the problem on the compatibility page.

rob