Different Auth config in different <Location>'s

Hi,

I would like to configure the root <Location> with one Auth command-set
and another location below that tree with another Authorization,
overwriting the first one. Unfortnuately I dont know if thats possible,
and as far as i read the Docs
(http://httpd.apache.org/docs-2.0/sections.html#mergin) I think I have
no chance to do this with <Location> directives because the "<Location
/>" directive will always overwrite others.

Imagine a complex file structure beneath the URL paths - I dont want to
redundantly specify configuration directives for each single directory
in this filesystem but I want to specify my two Auth sections only once,
like this:

<Location />
AuthName "RootAuth"
AuthType Basic
AuthUserFile /etc/apache2/htpasswd
Require valid-user
</Location>

<Location "/path">
AuthName "SubAuth"
AuthType Basic
AuthUserFile /some/other/file
Require valid-user
</Location>

Having configured this and pointing my browser to http://server/path (or
/path/ or /path/index.html - this doesnt matter) brings up the RootAuth
first and then the SubAuth. What I actually want is no RootAuth but just
the SubAuth popping up because people surfing to /path should have no
access to /.

As far as I know and tried, this doesnt work and it also shouldnt,
according to that piece of documentation mentioned before. Does someone
know a solution for this? I can imagine this scenario is quite a
familiar one and I think there is at least a workaround for this
problem?

Johannes Herlitz <herlitz@rhrk.uni-kl.de> wrote:
<zap>
> Having configured this and pointing my browser to http://server/path (or
> /path/ or /path/index.html - this doesnt matter) brings up the RootAuth
> first and then the SubAuth

Of course it does. First you get the root and then you get the
subroot.

> know a solution for this? I can imagine this scenario is quite a
> familiar

Well... actually no. It isn't. But since, IIUC, the two things have to
be completely separated, why don't you use two different VHosts instead
of subdirectories?

Davide

--
| It is said that the lonely eagle flies to the mountain peaks while the
| lowly ant crawls the ground, but cannot the soul of the ant soar as
| high as the eagle?
|

> Well... actually no. It isn't. But since, IIUC, the two things have to
> be completely separated, why don't you use two different VHosts instead
> of subdirectories?

Unfortunately the two things are not completely independent from each other
because the users for / should also have access to /path, just like the unix
"root" user has full access to all files, beginning at / and a user joe
usually only has full access to all files starting at /home/joe

I also read in the documentation of apache that <Location> isnt intended to
restrict access with Auth... commands, we should use <Directory> directives
instead. So I think I have no choice but configuring <Directory> sections for
all underlying physical subtrees of the filesystem which can be accesses
through the URL /path....

"Johannes Herlitz" <herlitz@rhrk.uni-kl.de> schreef in bericht
news:40BF0127.C27489FC@rhrk.uni-kl.de...
> > Well... actually no. It isn't. But since, IIUC, the two things have to
> > be completely separated, why don't you use two different VHosts instead
> > of subdirectories?
>
> Unfortunately the two things are not completely independent from each
other
> because the users for / should also have access to /path, just like the
unix
> "root" user has full access to all files, beginning at / and a user joe
> usually only has full access to all files starting at /home/joe
Skip the htaccess in / and validate the superuser via each passwordlist ...
This makes the root unprotected, so disallow indexviews.

> I also read in the documentation of apache that <Location> isnt intended
to
> restrict access with Auth... commands,
In your initital post you wrote it was working, despite this documentation.

> we should use <Directory> directives
> instead. So I think I have no choice but configuring <Directory> sections
for
> all underlying physical subtrees of the filesystem which can be accesses
> through the URL /path....
As every user must have its own passwordlist, you had to do so with
Locations too ..

HansH