General discussion

Locked

Can i have more than one authuserfile

By workman_m ·
I have a bunch of domains running on a server. I wanted to have an htaccess file that was a master and included all the usernames and passwords of administrators....and then one unique to each domain
I had hoped that i could have multiple authuserfiles that would be searched...but i cannot find any examples on the net... Can you have more than one line in an htaccess file for the AUTHUSERFILE?

This conversation is currently closed to new comments.

1 total post (Page 1 of 1)  
| Thread display: Collapse - | Expand +

All Comments

Collapse -

by Toivo Talikka In reply to Can i have more than one ...

According to Apache documentation at http://httpd.apache.org/docs/2.0/howto/htaccess.html, .htaccess file is a "distributed configuration file" which is used and accessed on a per-directory basis. Please also note in the same context that "In general, you should never use .htaccess files unless you don't have access to the main server configuration file."

There is a tutorial at http://hoohoo.ncsa.uiuc.edu/docs/tutorials/user.html which shows how to use AuthUserFile and AuthGroupFile, if that helps.

If you can set up one .htaccess file per directory or domain, you can have also have multiple AuthUserFiles in the system.

If the administrators access the directories from inside your LAN, you can set up a second virtual host for the directory and link it to another internal IP address. When you define the <directory> entry for the virtual hosts, you can include the AuthUserFile directive there, instead of using the .htaccess file.

Therefore ordinary users accessing the domain from outside the LAN using one internal IP address would be authenticated against one set of usernames in the file specified in the AuthUserFile entry and the administrators accessing the domain from inside the LAN using the second internal IP address would be authenticated against another set of usernames in the text file specified in the AuthUserFile entry in their <directory> settings.

I have not tested it but you may be able to get away with setting up the AuthUserFile for the administrators in <Directory "/var/www/html"> if the other users have access only to subdirectories under the document root.

Back to Security Forum
1 total post (Page 1 of 1)  

Related Discussions

Related Forums