user auth via TWO different .htpasswd's possible?

user auth via TWO different .htpasswd's possible?

Post by Ian Vea » Fri, 08 Jun 2001 02:13:15



My problem: I have a "user area" that the customer should have user-auth protected
access to.  I would also like our customer services group to have access to
that directory.  There are a variety of solutions, but I'd like one that meets
the following conditions:
        * the user should be able to completely rebuild their .htaccess file
          without having to know the customer services id and password (to
          rebuild the file with)
        * customer services should be able to completely rebuild their
          .htaccess file without having to know the customer id and password
          (to rebuild the file with)
        * ideally, customer shouldn't have to cut and paste even the
          encrypted information from their .htaccess.  In other words, if
          they look at the one they manage, they shouldn't even see the
          customer services entry.

I guess I was thinking of trying to get two .htpasswd's and/or two .htaccess's
to manage the same directory [same realm].  Because the directory in question is
a base directory (aliased that way), I don't think I can put one set in the
parent directory.

Any ideas?  Thanks,
ivo

 
 
 

user auth via TWO different .htpasswd's possible?

Post by Joshua Sliv » Sat, 09 Jun 2001 04:49:14



> I guess I was thinking of trying to get two .htpasswd's and/or two .htaccess's
> to manage the same directory [same realm].  Because the directory in question is
> a base directory (aliased that way), I don't think I can put one set in the
> parent directory.

1. There used to be at least one module on http://modules.apache.org/
that allowed you to use multimple .htpasswd files.  Take a look.

2. Otherwise, you can use two different auth modules and adjust
the ...AuthAuthoritative directives to get the authentication to
fall through.  This means, for example, having your main password file
as a dbm text file via mod_auth_dbm, but having a second "administrator"
password file as a plain text file accessed via mod_auth.

--
Joshua Slive

http://slive.ca/

 
 
 

1. Apache: relogin as different auth'd user

I have a web page (served by Apache 1.3.9/SSL) that requires a user to
login before he can access subsequent pages. The protected pages are in
a separate directory that  has basic user authentication. When the user
tries to access a protected page, a dialog box is displayed asking for a
username and password. Once the user logs in, he can see all pages in
the protected directory as long as that instance of the browser exists.

Can he login as a different user *without* closing all browser sessions
and launching a new one? I am not using a database to store/authenticate
users, just the .htpasswd file. This is the conf for the authentication.

<Directory /protected/dir>
 Options FollowSymLinks
 Authname "Login"
 AuthUserFile .htpasswd
 AuthType basic
 Require valid-user
 Order deny,allow
</Directory>

I wrote a script to return the user to an unprotected dir, clear the
environment variables, and redirect them to a protected page (hoping the
login box would appear) but it didn't produce the desired result - the
old username was still there.

Any info or hints would be greatly appreciated.

Thanks in advance

AM

Sent via Deja.com http://www.deja.com/
Before you buy.

2. Can't get AHA-1542 to work

3. connecting via ppp to two different sites with same IP's

4. Audio Beta App

5. Q: Two mouse pointers using two mice possible in X, possible?

6. Can't abort system calls on Irix

7. Fastest way to enter 1400+ user/passwords via htpasswd!

8. Help! Can't make working boot floppy

9. auth. via user-defined page

10. Two different PCI graphics cards - one X server, one large desktop: Possible?

11. is it possible to have two different interface to have the same default route?

12. pinging two different URLs, response comes from same IP address (server), Is that possible?

13. (Newbie) Script behaves different when run interactively than via 'at'