On 2017-03-16 13:09, Paul Groves wrote:
On 15/03/17 23:53, David C. Rankin wrote:
On 03/15/2017 08:13 AM, Paul Groves wrote:
A friend just emailed me this. Apparently you are supposed to use the module names as he has set out below. I have tried the configuration and it is working as expected.
<IfModule authnz_external_module> AddExternalAuth pwauth /usr/sbin/pwauth SetExternalAuthMethod pwauth pipe </IfModule>
<IfModule authz_unixgroup_module> AddExternalGroup unixgroup /usr/sbin/unixgroup SetExternalGroupMethod unixgroup environment </IfModule>
And as before:
AuthType Basic AuthName "You shall not pass! (Unless you are a system administrator)" AuthBasicProvider external AuthExternal pwauth <RequireAll> Require valid-user Require unix-group sudo </RequireAll> Paul,
Thanks for the follow up and providing the results of your digging. For a bit stricter password controls on 2.2 or 2.4, I have been using Basic auth with a hashed password file created with dbmanage2 to provide remote access regardless of whether there is a valid unix user. It's just another simple option that seems to work well on 2.4 as well:
Alias /foo/ "/srv/http/htdocs/foo/" Alias /foo "/srv/http/htdocs/foo/"
Options +Indexes +FollowSymLinks IndexOptions FancyIndexing IconsAreLinks SuppressDescription FoldersFirst NameWidth=* AllowOverride AuthConfig Options FileInfo Limit # mod rewrite stuff AuthType Basic AuthName "Case_Restricted" AuthBasicProvider dbm AuthDBMType DB AuthDBMUserFile /usr/local/lib/apache2/caseaccess Require valid-user </Directory> You create the database with, e.g
# dbmmanage2 dbname command argument
or with actual data
# dbmmanage2 caseaccess adduser paul
'paul' can now connect from anywhere...
you will be prompted for password which is then hashed and stored in the file. You can view check entries with
# dbmanage2 dbname view paul # dbmanage2 dbmane check paul passwd:
Thanks, Might come in handy in the future. Unfortunately not possible in my case as the server is a member of active directory and the "unix groups" and "local users" are just users from AD linked by pam
It may be useful to me. I wondered how to have simple web page with some access control. I suppose this is with https? Or is that a separate thing? -- Cheers / Saludos, Carlos E. R. (from 42.2 x86_64 "Malachite" (Minas Tirith))