 |
cosign-discuss at umich.edu
|
|
general discussion of cosign development and deployment
|
|
|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Basic auth interference
Situation:
/cgi-bin requires HTTP Basic authentication
<Directory /usr/lib/cgi-bin/>
CosignProtected Off
AuthType Basic
AuthName "Password Authentication"
Require valid-user
AuthUserFile /path/to/phtpasswd
</Directory>
/cgi-bin/otherdir requires Cosign authentication
<Directory /usr/lib/cgi-bin/subdirectory/>
AllowOverride all
Options +ExecCGI
SetHandler cgi-script
Allow from all
CosignProtected On
</Directory>
I'd like to have /cgi-bin/otherdir require *just* cosign authentication,
not both.
Right now, apache makes you use both, and it would seem both mod_access
and mod_cosign set REMOTE_USER (mod_access seems to be winning)
If I add a 'satisfy any' to the cosign-protect directory, then HTTP
basic authentication isn't required, which is close -- you can use
one or the other. The problem is that if you've already used
something in the top level dir, it's sufficient and you don't need
to use cosign, and I want it to require cosign and nothing else.
Any ideas?
--
Brian Hatch "In one of the Bard's best-thought-of
Systems and tragedies, our insistent hero,
Security Engineer Hamlet, queries on two fronts
http://www.ifokr.org/bri/ about how life turns rotten."
-- anagram of 'to be or not to be...'
Every message PGP signed
Attachment:
signature.asc
Description: Digital signature
| 
