> I'm looking for a method of ensuring that a username/password pair is
> comming from a specific domain/set of IPs (possably more than 2).
> I wish to have a single sign-on page where the user would put in
> username/password and have the server silently check for the domain from
> which the access is coming from and grant/deny on all three critera (it
> will be a dynamic set of hosts from which access will be allowed).
> I don't care if the sign-on page is a html form or a .htaccess as long as
> one can not simply by-pass the sign-on.
You can use .htaccess to grant access to your page(s) based on both.
should be able to use the 'satisfy' directive in your .htaccess file to
"if coming from this address" and "they have a username/password" let
> I could do the verification through mod_auth_external if it is possable but
> my question is this: when Apache checks .htaccess and grants access does
> it then check for every document and directory below the first? I want
> reasonable security but I don't know about running that many queries on the
Unfortunatly there is no way to get around this. (At least that I know
Because HTTP/WebServers are not built to be serial (ie: you get this
and then the next page, and then the next) but instead are more 'random
access' the server must verify EVERY attempted access. You can reduce
amount of 'hits' on your data-base by only protecting the pages/pics
really need to be protected.
If you dont care about people 'possibly' getting access to all your
and pics place them in an unrestricted directory. That way if you .html
has 10 small icons your database only gets 'hit' once for the page and
11 times (1 for each pic and 1 for the page)
You could also reduce the 'hits' on your database by refusing access
the restricted pages by IP address *BEFORE* you ask for a password. That
way you ONLY have to query the database for those that actually fit your
first requirement (the IP address).
> I could modify the source to mod_auth_postgres if I know how to get my
> hands on the REMOTE_HOST environment or a pointer to it in some structure
> within the mod_auth_postgres module.
> Any pointers would be greatly appreciated and will be met with kindness and
> cuddles :-)
> Steve /..
If you do end up using Mod_Auth_External make sure you get the latest
from http://www.nas.nasa.gov/~allison/mod_auth_external and let me know
have any trouble. We already have a few people working on modules for
and 'Sybase' queries, and Id love to include your finished product in
| Tyler Allison | Sterling Software | Voice: (415) 604-6629
| Network Engineer I | M/S 258-6 | Fax: (415) 604-4377
| LAN/Security Group | NASA Ames Research Center