cosign-discuss at umich.edu
general discussion of cosign development and deployment
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Basic auth interference
/cgi-bin requires HTTP Basic authentication
AuthName "Password Authentication"
/cgi-bin/otherdir requires Cosign authentication
Allow from all
I'd like to have /cgi-bin/otherdir require *just* cosign authentication,
Right now, apache makes you use both, and it would seem both mod_access
and mod_cosign set REMOTE_USER (mod_access seems to be winning)
If I add a 'satisfy any' to the cosign-protect directory, then HTTP
basic authentication isn't required, which is close -- you can use
one or the other. The problem is that if you've already used
something in the top level dir, it's sufficient and you don't need
to use cosign, and I want it to require cosign and nothing else.
Brian Hatch "In one of the Bard's best-thought-of
Systems and tragedies, our insistent hero,
Security Engineer Hamlet, queries on two fronts
http://www.ifokr.org/bri/ about how life turns rotten."
-- anagram of 'to be or not to be...'
Every message PGP signed
Description: Digital signature