[BlueOnyx:11537] htaccess user auth strange behaviour

[David Thacker]

Greetings,

I added an .htaccess file to a folder in a vsite web, intending to have 
that folder be password protected for access by a single site user. I read 
the /root/PAM_AUTH_EXTERNAL.READ-ME for starters, and then found out by 
testing and then later searching of this forum that it was incorrect. The 
corrected syntax is in Rickard Osser's post from March 17, 2010 (post# 
04038).

Rickard's examples show two examples, one for authenticating any valid 
user on the server:

AuthType Basic
Authname "User Authorization Required"
AuthBasicProvider external
AuthExternal pwauth
Require valid-user

and one for authenticating to any user belonging to a specific site (eg. 
site10):

AuthType Basic
Authname "User Authorization Required"
AuthBasicProvider external
AuthExternal pwauth
GroupExternal unixgroup
Require group site10


In the /root/PAM_AUTH_EXTERNAL.READ-ME there was a third example, for 
authenticating one or more specific users, rather than any valid users. 
Instead of just:

  Require valid-user

you change it to:

  Require valid-user username1

or for multiple specific users:

  Require valid-user username1 username2 username3


Here's the strange part on my BX5107 system: even if I list a specific 
username in the Require valid-user line of the .htaccess file, it will 
authorize ANY valid user! It does not restrict access to the listed users 
only! So my line:

  Require valid-user joeuser

is in fact admitting any user with a valid username and password on the 
system, not just joeuser.

Does anyone have working syntax for .htaccess on BlueOnyx to restrict 
access to a specific user (or users) rather than any valid user?

Regards,

dAvid tHacker                                  Email: David at ThackerNet.com
Thacker Network Technologies Inc.                Http://www.ThackerNet.com