Hello!
We had to implement a 2-factor authentication scheme for requests coming in from
outside our network. This was done with a special authnz-module, that is fronted
by "AuthType form". The mod_auth_form and mod_session_cookie parse out the
special cookie (the 2nd factor), and then our module verifies it.
This works great for the applications, that do their own authentication (the
original 1st factor).
However, we also have some applications, that rely on Apache's "basic auth" to
authenticate, and I can't figure out, how to combine "AuthType form" and
"AuthType basic" for the same Location. Although there are no complains in the
logs, it seems like one setting trumps the other -- but we need both for the
requests, that come from the outside.
Short of setting up another instance of Apache to proxy to the current one after
running the preliminary checks on external requests, what are my options?
Thanks! Yours,
-mi
