5

In a virtual host, I set up two different `<Location>` blocks for which access is restricted by two basic authentication htpasswd files. One htpasswd file contains different usernames plus a common user name. The other htpasswd file contains only the common user name.

My problem is that once users connect to a location with the common user name, they have immediate access to the other location without being asked for a different user name.

Is there a way to restrict the username access only to the corresponding htpasswd file? Is there a way for users to ask to be re-prompted for another username/password?

greydet

1 Answer

2

I'd suggest you have just the one .htpasswd file, and you control the users' access via an `AuthGroupFile`, with the applicable `Require group xxxxxxx` replacing your existing `Require valid-user` directives in the Location blocks, see:

http://httpd.apache.org/docs/2.2/mod/mod_authz_groupfile.html

http://httpd.apache.org/docs/2.2/howto/auth.html

arober11
  • If I replace my two AuthUserFile by two AuthGroupFile, the common user name will still need to be part of both groups. So this solution won't prevent the common user name from being automatically logged in for all locations without being prompted again for authentication. – greydet Dec 03 '12 at 19:52
  • No, you require just one User and one Group file on your platform, and if you really want to force them to re-submit their credentials then the second location needs to have a different **AuthName** to the first. – arober11 Dec 03 '12 at 21:20
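
The setup described in the answer and its follow-up comment, written out as an added example that is not part of the original posts: one user file, one group file, and a different `AuthName` per location. The file paths, location paths, realm strings, user names and group names are all placeholders chosen for illustration.

```apache
# Constructed example for Apache 2.2 (mod_auth_basic + mod_authz_groupfile).
# All paths, realms, users and groups below are placeholders.
#
# /etc/apache2/auth/htpasswd   single user file, maintained with htpasswd
#   contains entries for: alice, bob, common
#
# /etc/apache2/auth/groups     group file, one "group: user user ..." per line
#   site-a: alice bob common
#   site-b: common

<Location /site-a>
    AuthType Basic
    # The AuthName string is the Basic auth realm. Browsers cache
    # credentials per realm and resend them without prompting.
    AuthName "Site A"
    AuthUserFile /etc/apache2/auth/htpasswd
    AuthGroupFile /etc/apache2/auth/groups
    # Replaces "Require valid-user": only members of site-a get in.
    Require group site-a
</Location>

<Location /site-b>
    AuthType Basic
    # Different realm from /site-a, so credentials cached for "Site A"
    # are not reused here and the browser prompts again.
    AuthName "Site B"
    AuthUserFile /etc/apache2/auth/htpasswd
    AuthGroupFile /etc/apache2/auth/groups
    # alice and bob authenticate successfully but are refused here,
    # because they are not listed in the site-b group.
    Require group site-b
</Location>
```

With the same `AuthName` on both blocks, the browser treats them as one realm and silently resends the cached credentials, which is the behaviour described in the question.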