Apache Auth: Using Require User and Require Group
 

Hi

I've been all over the apache documentation and Google and I keep ending up at the same pages. I'm wondering if anyone here would have some insight into this pesky little problem.

I have Apache plugged into Winbind with mod_auth_pam. It works great if I use either the "Require user <some guy>" or "require group <group of guys>".

However, it would be ideal if I could use both of these options at once ... allow a few specific users, plus this huge group as well. This isn't working though. It's saying "access to /test1 failed, reason: user 'someguy' does not meet 'require'ments for user/valid-user to be allowed access"

Obviously it's saying this because while "someguy" is in the allowed group, he's not in the allowed user list. Is there some way to incorporate a SatisfyAny into this? Any way at all to use both of these options at once? I need some sort of logical OR here ... doesn't seem like it would be this hard.

Ah! Answered my own question, though it wasn't easy. I pretty much just guessed right. Added the line AuthzUserAuthoritative off to my config. This then says that any users listed in "Require user someguy anotherguy" are allowed, but are not required to be members of the "Require group groupofguys"

Here's my Directory directive (what?!) for example:

<Directory "/var/www/html/test1">
AuthPAM_Enabled on
AuthType Basic
AuthzUserAuthoritative off
AuthName "Login"
Require group agroupofguys
Require user someguy
Options Indexes FollowSymLinks
AllowOverride None

Order allow,deny
Allow from all

</Directory>