|Apache AuthBasic Letting more than 1 user in|
HI -I just reread [httpd.apache.org...]
apache Authenticaion, Authorization, and Access.
When one uses Auth Basic it says -
"The directives above only let one person (specifically someone with a username of rbowen) into the directory. In most cases, you'll want to let more than one person in. This is where the AuthGroupFile comes in."
1. I understand that the directory is protected with a userid of rbowen, and a password, and that if one does not set up a group file then only that userid and password can log in.
It does not say if this userid/password can be used at the same time, by multiple people to login to the directory during the same time period? (That is, the directory is protected - and everyone is using the same userid/password & people don't have individual logins.) Is this true?
OR, another possibility - if person A is logged in with rbowen, then no-one else can login with rbowen until the Person A logs out?
Which one is true?
The credentials are sent with every http request, so there isn't really a "log in" involved. Multiple users can use the same log-in credentials at the same time.
Reply, thank you for the answer.
If I go forward, as stated in the Apache documentaion and set up a group file ---
1. for 300 persons that I want to give the following ability to: click on emailed URLs so that they can view documents residing in the directory that I have protected with my .htaccess file.
2. I would set it up (I have to go back and look at the Apache auth doc) - but I think it would be with a userid / passwd, idividually for all the people, rather then all of them using the rbowen login credential.
3. Can I assume based on how you mentioned 'login credential' that each person becomes 'authorized' via being able to enter their userid and passwd - to view the file, copy it off, print it (whatever).
3. However, since these people never went through an 'authentication' procedure, such as a 'login' to the unix side, they are not 'unique'.
That is, even with a group file containing credentials for 300 persons; there can still be 2 Deb's authorized at the same time to view the file. (Just like there could have been multiple 'rbowen's viewing the file.
If one set up a group file for let's say 300 potential users - these users don't reside in the unix passwd file - because they don't intereact with the machine in that fashion. I want to
Is there a reason you don't want to use a cookie based auth system?
[edited by: Demaestro at 10:14 pm (utc) on Jan. 7, 2009]
From my days as a unix admin, I 'think' ;-) I have some 'clue' about controlling a directory. I don't have as much html programming, web development experience. I currently have no idea how to program a cookie into a web page. I sort of go in the direction I have some inkling about. Is a cookie something I program in - or is it something I ask Apache to implement for a web page? Are cookies used for basic html/css type pages - no sql - no php, etc.
ARe you saying something like - Deb tries to view the file - gets auhorized via apache - then I get a cookie - therefore I can become a unique Deb?
Did that make sense?
A cookie based system would require some coding outside of Apache with some server side scripting like PHP or Python.
Basically it would go like this....
Deb goes to an HTML login page, after a correct login your login method would set a cookie with a unique username. Then Deb requests a file from a private directory only accessible by a PHP/Python method. That method checks for the cookie and verifies the cookie, then fetches the file. So Deb would never get actually get access to that directory, but a method with access to that directory can serve the files.