[BlueOnyx:11539] Re: htaccess user auth strange behaviour
Michael Stauber
mstauber at blueonyx.it
Mon Oct 15 13:49:42 -05 2012
Hi David,
> Here's the strange part on my BX5107 system: even if I list a specific
> username in the Require valid-user line of the .htaccess file, it will
> authorize ANY valid user! It does not restrict access to the listed users
> only! So my line:
>
> Require valid-user joeuser
>
> is in fact admitting any user with a valid username and password on the
> system, not just joeuser.
Yeah, the README provided with the authentication is indeed a bit
incorrect. Stephanie recently sent me an updated version which lists the
correct methods. I haven't had a chance to publish it yet, but here is
the info from it:
1) Basic configuration for any users:
AuthType Basic
AuthName <authname>
AuthBasicProvider external
AuthExternal pwauth
Require valid-user
2) Only allow 1 specific user to authenticate
AuthType Basic
AuthName <authname>
AuthBasicProvider external
AuthExternal pwauth
Require user <username1> <username2>
3) Allow group authentication
AuthType Basic
AuthName <authname>
AuthBasicProvider external
AuthExternal pwauth
GroupExternal unixgroup
Require group <groupname1> <groupname2>
So "require valid-user" indeed lets any valid user in. What you're
looking for is in example #2.
--
With best regards
Michael Stauber
More information about the Blueonyx
mailing list