问题
Can I have two AuthUserFile directives in an apache2/sites-enabled/000-default configuration file?
<Location /repo/trac>
AuthType Basic
AuthName "Trac"
AuthUserFile /etc/apache2/passfile1
AuthUserFile /etc/apache2/passfile2
Require valid-user
</Location>
I want username/password for two types of users.
- DEV - can access SVN and Trac
- NOM - can only access Trac
I have two options: keep separate password files for Trac and Svn and include them separately, or have 2 password files in 1 I put DEV in other NOM and include only 1 for svn and include two under trac location.
回答1:
You should move everything into a single password file and then use groups to control access to particular resources. You can create /etc/apache2/groups with contents along the lines of:
DEV: bob alice
NOM: norm fred bart
And then modify your configuration so it looks like this:
<Location /repo/trac>
AuthType Basic
AuthName "Trac"
AuthUserFile /etc/apache2/passfile
AuthGroupFile /etc/apache2/groups
Require group DEV NOM
</Location>
This would allow members of the DEV and NOM groups to access this resource.
If you really want to use multiple password files, see the documentation for mod_authn_alias, which has an example that does exactly this.
回答2:
From the documentation, you can in fact have multiple passwords files. The trick is to use AuthnProviderAlias
https://httpd.apache.org/docs/2.4/mod/mod_authn_core.html
<AuthnProviderAlias file file1> AuthUserFile "/www/conf/passwords1" </AuthnProviderAlias> <AuthnProviderAlias file file2> AuthUserFile "/www/conf/passwords2" </AuthnProviderAlias> <Directory "/var/web/pages/secure"> AuthBasicProvider file1 file2 AuthType Basic AuthName "Protected Area" Require valid-user </Directory>
https://httpd.apache.org/docs/2.4/en/mod/mod_auth_basic.html#authbasicprovider
Providers are queried in order until a provider finds a match for the requested username, at which point this sole provider will attempt to check the password. A failure to verify the password does not result in control being passed on to subsequent providers.
来源:https://stackoverflow.com/questions/10540621/is-it-possible-to-have-two-password-files-in-apache2