Hi William,
I've now managed to get this to work by using <Location> instead
of <Directory>, my listing now reads:
<location /files>
Order Allow,Deny
Satisfy Any
Allow from 10.0.0
AuthName "authentication required"
AuthType Basic
AuthMySQLHost localhost
AuthMySQLEnable on
AuthMySQLUser xxxxxxx
AuthMySQLPassword xxxxxxx
AuthMySQLDB auth
AuthMySQLUserTable users
AuthMySQLNameField user_name
AuthMySQLPasswordField user_passwd
AuthMySQLGroupTable groups
AuthMySQLGroupField user_group
# This next line controls which group(s) can access the resource
Require group user admin
</Location>
I changed this after reading up on different containers and finding this
comment:
'When applying directives to objects that do not reside in the
filesystem (such as a webpage generated from a database), use
<Location>.'
My pages are indeed generated from a database.
Are there any problems using this approach or is it safe to consider
this solved?
Many thanks for all your help,
Michael.
-----Original Message-----
From: paredes [mailto:[EMAIL PROTECTED]
Sent: 07 August 2006 19:46
To: users@httpd.apache.org
Subject: Re: [EMAIL PROTECTED] mod_auth_mysql
Hi Michael!
Set your apache loglevel directive to debug. Then you can open and
monitor your apache error log live [sudo tail -f pathToYourErrorLog] as
you hit your protected page with your browser. You should be able to see
what mod_auth_mysql returns to the logs.
I noticed that you are using auth_dbm_module. How is that module being
used.
In my configuration, I only load the module which I need and nothing
else. It makes troubleshooting easier [and the server a bit faster]:
LoadModule access_module modules/mod_access.so
LoadModule auth_module modules/mod_auth.so
LoadModule ldap_module modules/mod_ldap.so
LoadModule auth_ldap_module modules/mod_auth_ldap.so
LoadModule mysql_auth_module modules/mod_auth_mysql.so
LoadModule include_module modules/mod_include.so
LoadModule deflate_module modules/mod_deflate.so
LoadModule log_config_module modules/mod_log_config.so
LoadModule env_module modules/mod_env.so
LoadModule setenvif_module modules/mod_setenvif.so
LoadModule mime_module modules/mod_mime.so
LoadModule autoindex_module modules/mod_autoindex.so
LoadModule asis_module modules/mod_asis.so
LoadModule negotiation_module modules/mod_negotiation.so
LoadModule dir_module modules/mod_dir.so
LoadModule imap_module modules/mod_imap.so
LoadModule actions_module modules/mod_actions.so
LoadModule alias_module modules/mod_alias.so
LoadModule php5_module modules/libphp5.so
In my configuration [apache2.0.58] which I need to use dual
authentication - mod_auth_ldap with a "failthru" to mod_auth_mysql
[sourceforge ver 3.0] it was by trial and error that I found that
mod_auth_mysql's load order is important. That is why I'm curious how
you are using mod_auth_dbm.
Regards,
William Paredes
Computer Based Education
Albert Einstein College of Medicine
Michael Luff wrote:
Hello does anyone have any idea where I might look to resolve this
issue?
Many thanks.
I'm using apache v2.0.55 and mod_auth_mysql v3 on a Gentoo Linux
box. Below is a section from my httpd.conf - does it look right?
# These modules provide authentication and authorisation for
# clients. They should not normally be disabled.
#
LoadModule access_module modules/mod_access.so
LoadModule auth_module modules/mod_auth.so
LoadModule auth_anon_module modules/mod_auth_anon.so
LoadModule auth_dbm_module modules/mod_auth_dbm.so
LoadModule auth_digest_module modules/mod_auth_digest.so
Many thanks,
Michael.
-----Original Message-----
From: paredes [mailto:[EMAIL PROTECTED]
Sent: 20 July 2006 19:01
To: users@httpd.apache.org
Subject: Re: [EMAIL PROTECTED] mod_auth_mysql
Greetings Michael!
Which versions of apache and mod_auth_mysql are you using? What
platform
are you on? When you check your httpd.conf file is mod_auth being
loaded?
Regards,
William Paredes
Computer Based Education
Albert Einstein College of Medicine
Bronx, New York USA
Michael Luff wrote:
Hi William,
Thanks for your help on this one. From what you and Elaine have
written and from what I've read, this really ought to work but I'm
still stuck with the all or nothing problem.
If I modify my file as you suggest, anyone can get access without
being prompted for a password, not just the IP I specify; if I
comment
out the 'satisfy any' line, I'm back to passwords for all.
As we agree that the approach is valid, can anyone think of any other
commands, directives etc somewhere else that might be having an
effect
on this?
Many thanks,
Michael.
-----Original Message-----
From: paredes [mailto:[EMAIL PROTECTED]
Sent: 19 July 2006 23:52
To: users@httpd.apache.org
Subject: Re: [EMAIL PROTECTED] mod_auth_mysql
Greetings Michael!
What should work is the following:
<Directory /var/www/localhost/htdocs>
deny from all
allow from 10.0.0.72
AuthName "authentication required"
AuthType Basic
AuthMySQLHost localhost
AuthMySQLEnable on
AuthMySQLUser xxxxxxx
AuthMySQLPassword xxxxxxx
AuthMySQLDB auth
AuthMySQLUserTable users
AuthMySQLNameField user_name
AuthMySQLPasswordField user_passwd
AuthMySQLGroupTable groups
AuthMySQLGroupField user_group
Require group user admin
satisfy any
</directory>
William Paredes
Computer Based education
Albert Einstein College of Medicine
Bronx, New York USA
Michael Luff wrote:
Hi Elaine,
Many thanks for the help, I've now got:
<Directory /var/www/localhost/htdocs>
AuthName "authentication required"
AuthType Basic
AuthMySQLHost localhost
AuthMySQLEnable on
AuthMySQLUser xxxxxxx
AuthMySQLPassword xxxxxxx
AuthMySQLDB auth
AuthMySQLUserTable users
AuthMySQLNameField user_name
AuthMySQLPasswordField user_passwd
AuthMySQLGroupTable groups
AuthMySQLGroupField user_group
# This next line controls which group(s) can access the resource
AllowOverride none
Require group user admin
Order allow,deny
Allow from 10.0.0.72
Satisfy Any
</Directory>
But now anyone can access it, not just the IUP address I've
specified!
I can't seem to get around this all or nothing problem.
Can you see anything I've done wrong?
Regards,
Michael.
*From:* elaine [mailto:[EMAIL PROTECTED]
*Sent:* 19 July 2006 13:49
*To:* users@httpd.apache.org
*Subject:* Re: [EMAIL PROTECTED] mod_auth_mysql
Michael,
Try to use the "allow" and "satisfy" directives.
This is an example, that we use to protect our intranet access :
(Note that the IP's and server name were modified, and we use the
deny
directive
to refuse connections from reception kiosk.)
<Limit GET PUT POST>
# Allow access only to authenticated users from MySQL # or users
that
are in the intranet # (except IP xx.xx.xx.xx : reception kiosk)
require valid-user
Order allow,deny
Deny from xxx.xxx.xx.x
# Allow access from our internal network without # username and
password
Allow from example.com
Satisfy any
</Limit>
You can read more details about Satisfy directive :
http://httpd.apache.org/docs/2.2/mod/core.html#satisfy
Regards,
Elaine
Michael Luff wrote:
Hi All,
I've got mod_auth_mysql working nicely but I would like the users on
my internal network not to have to enter a username and password,
just
people accessing from outside.
I've tried various solutions using Order deny,allow; allow from and
so
forth but with no luck, I end up with everyone being prompted or
no-one.
Here's my unmodified <Directory> command from my httpd.conf that
requires everyone to supply a password, can anyone suggest how I can
modify it to allow access from 10.0.0?
<Directory /var/www/localhost/htdocs>
AuthName "authentication required"
AuthType Basic
AuthMySQLHost localhost
AuthMySQLEnable on
AuthMySQLUser xxxxxx
AuthMySQLPassword xxxxxxx
AuthMySQLDB auth
AuthMySQLUserTable users
AuthMySQLNameField user_name
AuthMySQLPasswordField user_passwd
AuthMySQLGroupTable groups
AuthMySQLGroupField user_group
# This next line controls which group(s) can access the resource
require group user admin
</Directory>
Regards,
*Michael Luff** *MSc B.Eng (Hons) MIET* **Facilities & Systems
Manager *
T: +44 (0)20 8614 7604
F: +44 (0)20 8614 7601
M: +44 (0)7976 404956
E: [EMAIL PROTECTED]
<mailto:[EMAIL PROTECTED]>
*MailSource UK Limited *
- Europe's leading specialist in integrated document delivery
solutions
- Holders of the RoSPA Health & Safety Gold Medal 2006/2007
Northumberland House
15 Petersham Road
Richmond-upon-Thames
Surrey TW10 6TP
*www.mailsource.co.uk <http://www.mailsource.co.uk/>*
*MailSource UK Limited *
- Europe's leading specialist in integrated document delivery
solutions
- Holders of the RoSPA Health & Safety Gold Medal 2006/2007
Northumberland House
15 Petersham Road
Richmond-upon-Thames
Surrey TW10 6TP
*www.mailsource.co.uk <http://www.mailsource.co.uk/>*
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server
Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
" from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
MailSource UK Limited
- Europe's leading specialist in integrated document delivery
solutions
- Holders of the RoSPA Health & Safety Gold Medal 2006/2007
Northumberland House
15 Petersham Road
Richmond-upon-Thames
Surrey TW10 6TP
www.mailsource.co.uk
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server
Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
" from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server
Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
" from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
MailSource UK Limited
- Europe's leading specialist in integrated document delivery
solutions
- Holders of the RoSPA Health & Safety Gold Medal 2006/2007
Northumberland House
15 Petersham Road
Richmond-upon-Thames
Surrey TW10 6TP
www.mailsource.co.uk
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server
Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
" from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server
Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
" from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
MailSource UK Limited
- Europe's leading specialist in integrated document delivery solutions
- Holders of the RoSPA Health & Safety Gold Medal 2006/2007
Northumberland House
15 Petersham Road
Richmond-upon-Thames
Surrey TW10 6TP
www.mailsource.co.uk
Please consider the environment before printing this e-mail. Thank you.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
" from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
