This isn't a php problem as much as an apache problem, however, it is =
webmasters of php sites that would have dealt with this.
Here's the dilemna-
If you use mod_dav to maintain a php application that uses =
username/password authentication for the web app, it doesn't play very =
nice.
At least not how I have it set up- which is why I need help ;)
here's how the web application is set up in my httpd.conf:
Alias /obm/ /opt/php/obm/
Alias /obm-src/ /opt/php/obm/
<Directory "/opt/php/obm/">
Options Indexes MultiViews
AllowOverride None
Order allow, deny
Allow from all
AuthType Basic
AuthName webDAV
AuthUserFile /etc/httpd/conf/dav.user
</Directory>
(further down)
<IfModule mod_dav.c>
DAVLockDB /var/apache/dav/moddav
DAVMinTimeout 600
<Location /obm-src/>
DAV On
ForceType text/plain
<Limit PUT POST DELETE PROPFIND MKCOL MOVE LOCK UNLOCK>
Require user webmaster
</Limit>
</Location>
</IfModule>
-=3D-
Works beautifully for webDAV updating of the web application.
However, when a user logs in to the web application, after they enter =
the username and password, they are prompted for a login for the webDAV =
realm, which is not what I want.
If I add the satisfy any directive to the directory authentication- =
i.e.-
<Directory "/opt/php/obm/">
Options Indexes MultiViews
AllowOverride None
Order allow, deny
Allow from all
AuthType Basic
AuthName webDAV
AuthUserFile /etc/httpd/conf/dav.user
satisfy any
</Directory>
Then the web applications authentication works perfectly (user not =
prompted for a webDAV realm login after their username/password are =
verified by the php) but this kills security for webDAV file uploading, =
and a webDAV client can connect without username/password.
What I need to do, is only require authentication in the webDAV realm if =
the user is accessing the client through webDAV (i.e. through the =
/obm-src/ alias) but not require webDAV realm authentication if the user =
is accessing through the /obm/ alias
As far as I can tell, apache authentication directives are directory =
based, not url based, which is where my problem is :(
I must define the webDAV authentication method in the =
<Directory></Directory> directive, but I only want it to take effect if =
being accessed through /obm-src/ and NOT take effect if being accessed =
through /obm/
Interestingly enough, this is NOT a problem if the web application uses =
Advanced Authentication to authenticate the users (such as phpMyAdmin) =
but it is a problem if the web application uses typical php =
authentication to authenticate the users. That triggers apache to want =
the realm authentication as well.
Any suggestions or ideas on how to resolve this issue?
I'm sorry for the length of the post...
-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-
Michael A. Peters
Abriasoft Senior Developer
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Michael A. Peters
Abriasoft Senior Developer
http://www.abriasoft.com/
(510) 623-9726x357
Fax: (510) 249-9125
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
