|
cosign-discuss at umich.edu |
| general discussion of cosign development and deployment | |
Situation: /cgi-bin requires HTTP Basic authentication <Directory /usr/lib/cgi-bin/> CosignProtected Off AuthType Basic AuthName "Password Authentication" Require valid-user AuthUserFile /path/to/phtpasswd </Directory> /cgi-bin/otherdir requires Cosign authentication <Directory /usr/lib/cgi-bin/subdirectory/> AllowOverride all Options +ExecCGI SetHandler cgi-script Allow from all CosignProtected On </Directory> I'd like to have /cgi-bin/otherdir require *just* cosign authentication, not both. Right now, apache makes you use both, and it would seem both mod_access and mod_cosign set REMOTE_USER (mod_access seems to be winning) If I add a 'satisfy any' to the cosign-protect directory, then HTTP basic authentication isn't required, which is close -- you can use one or the other. The problem is that if you've already used something in the top level dir, it's sufficient and you don't need to use cosign, and I want it to require cosign and nothing else. Any ideas? -- Brian Hatch "In one of the Bard's best-thought-of Systems and tragedies, our insistent hero, Security Engineer Hamlet, queries on two fronts http://www.ifokr.org/bri/ about how life turns rotten." -- anagram of 'to be or not to be...' Every message PGP signed
Attachment:
signature.asc
Description: Digital signature