Leon Poon wrote:
>
> Hi,
>
> I am using Apache 1.2.6 + SSL 0.8.1 + Apache/SSL 1.16 on a Solaris 2.5.1 box,
> and I would like to use the "require group" directive for the fake basic auth in
> apache_ssl. Currently, I have the following:
>
> 1. /usr/local/apache/clientcerts file with the pseudo username and
> password of the form:
> /C=US/ST=Maryland/O=ISR/OU=Computing/CN=joe/Email=joe@umd.edu:xxj31ZMTZzkVA
>
> 2. /usr/local/apache/clientgroups file with the entry
> joe: /C=US/ST=Maryland/O=ISR/OU=Computing/CN=joe/Email=joe@umd.edu
>
> 3. a .htaccess file with
>
> AuthType Basic
> AuthName Testing Client Auth
> AuthUserFile /usr/local/apache/clientcerts
> AuthGroupFile /usr/local/apache/clientgroups
> <Limit GET>
> require group joe
> </Limit>
As a slight side-issue, for best security, I would recommend you change
this to be in the apache config instead of an external file (if you've
only done that for testing, then please feel free to tell me to go teach
my grandma... :). Put something like this in your virtual host
definition:
<Directory /usr/local/apache/webdocs>
AllowOverride none
AuthUserFile /usr/local/apache/clientcerts
AuthGroupFile /usr/local/apache/clientgroups
AuthType Basic
AuthName Testing Client Auth
<Limit GET>
require group joe
</Limit>
</Directory>
Not sure why it's not working (never played with groups), sorry...
cheers,
Adam
--
Adam Laurie Tel: +44 (181) 742 0755
A.L. Digital Ltd. Fax: +44 (181) 742 5995
Voysey House
Barley Mow Passage http://www.aldigital.co.uk
London W4 4GB mailto:adam@algroup.co.uk
UNITED KINGDOM PGP key on keyservers