> -----Ursprüngliche Nachricht----- > Von: Graham Leggett > Gesendet: Mittwoch, 29. November 2006 12:31 > An: [email protected] > Betreff: Auth in Location: can one basic auth config override another? > > > Hi all, > > After much experimentation with httpd v2.0, where an attempt > is made to > set one basic auth policy for Location /, and a different basic auth > policy for Location /bugzilla, it seems that regardless of > the order of > the Location in the config file, the most general config always wins. > > In other words, it seems currently to be impossible to define > a different > basic auth config in a subdirectory in an urlspace, if an > existing more > general basic auth config exists for a parent directory. > > Can anyone who knows the AAA stuff better confirm whether > this is true or > not?
I don't think so. I have the following configuration running successfully: <Location /somewhere> Options None AllowOverride None DAV On AuthName "Access for somewhere" AuthType Basic AuthUserFile /opt/apache-2.0.55/conf/transfer/passwd.manager order allow,deny allow from all Satisfy all Options none ForceType application/octet-stream <LimitExcept OPTIONS> require user manager </LimitExcept> </Location> <Location /somewhere/deeper/evendeeper> AuthName "Access for evendeeper" <LimitExcept OPTIONS> require user manager somebodyelse </LimitExcept> </Location> If I go to /somewhere/deeper/evendeeper I get the correct Realm presented in the browser. Regards Rüdiger
