Apache 1.3: Combined name & anonymous auth?

Apache 1.3: Combined name & anonymous auth?

Post by Patrick L. Nola » Sat, 27 Jul 2002 05:48:35

I have a fairly low-security server where I want to set up a
hybrid authorization system.  People with assigned userids and
passwords can log in, while other people can do an anonymous
login with a standard userid.  This is sort of like the way
FTP works.  Scripts would check the REMOTE_USER to see what
level of privilege should be allowed.

I thought I could do this by combining my normal auth
(mod_auth_mysql if it makes a difference) with Anonymous
and using "satisfy any".  Instead it just lets anyone in
without checking for authorization.

Here's the relevant section of the httpd.conf file:
<Directory /path/protected>
Options Indexes FollowSymLinks
AuthName "Our Group"
AuthType Basic
Auth_MySQL_Password_Table people
Auth_MySQL_Group_Table people
Auth_MySQL_Username_Field userid
Auth_MySQL_Empty_Passwords off
Auth_MySQL_Encryption_Types MySQL Crypt_DES
Auth_MySQL on
order deny,allow
require group ourgroup
Anonymous anon
Anonymous_MustGiveEmail on
Anonymous_LogEmail on
satisfy any

The MySQL stuff has been working for ages.  I just added
the Anonymous and satisfy lines.

*   Patrick L. Nolan                                          *
*   W. W. Hansen Experimental Physics Laboratory (HEPL)       *
*   Stanford University                                       *


1. DBM Auth. not working on Apache 1.2.4 / 1.2.5 / 1.3...

I already read all Bug-Reports and found people who seem to have the
same problem.
Unfortunately I stillcannot find a solution.
My Problem occurs on a Linux Kernel 2.0.32 using Apache 1.2.4 ,  Apache
1.2.5 as well
as using Apache 1.3.x.

I try to use the DBM Authentication Method but get always the results
listed below.
I downloaded and installed the newest Version of gdbm and successfully
re-compiled Apache, but without any improvment
in authentication...

My '.htaccess' file looks like this
    <Limit GET POST>
    require valid-user
    AuthName TEST
    Authtype basic
    AuthDBMUserFile /usr/local/httpd/htdocs/adr/htpasswd

I created my DBM File 'htpasswd'  using 'dbmmanage.new
/usr/local/httpd/htdocs/adr/htpasswd adduser test test '.

But if I try to login using my browser, the following is printed in the
servers error logfile (this is the version with Apache 1.3.x):
   [Mon Feb 23 10:52:03 1998] [error] (2)No such file or directory:
could not open dbm auth file: /usr/local/httpd/htdocs/adr/htpasswd
   [Mon Feb 23 10:52:03 1998] [error] DBM user test not found:

2. support PCI network card?

3. Apache auth & deb auth problem?

4. How to connect two systems?

5. Variable names (apache 1.3)

6. HP LaserJet4 Print Problem?

7. Redirecting real host's name to its WWW CNAME - Apache 1.3

8. ctags help needed

9. Q: Apache 1.3.x, mod_mmap_static, & Solaris

10. Apache 1.3 / unix & CGI security

11. Help wanted:Apache 1.3, Proxy Block & Error Message

12. OpenSSH 3.x & Apache 1.3.x security fix

13. php3 & apache 1.3