Hi,
I now use postgres for user authentication via mod_auth_pgsql 0.9.5a for
several months without any problem. I simply used this .htaccess file on
my webserver:
Auth_PGhost localhost
Auth_PGport 5432
Auth_PGdatabase mydb
Auth_PGuser myuser
Auth_PGpwd mypwd
Auth_PGpwd_table accounts
Auth_PGuid_field account_uid
Auth_PGpwd_field account_webpwd
Auth_PGpwd_whereclause " and enabled = true"
Auth_PG_encrypted off
AuthName "realm for my domain"
AuthType Basic
<Limit GET PUT>
require valid-user
</Limit>
Now a customer asked me to let intranet users (IP 192.168.x.x) come in
without username/password. I then modified my LIMIT directive as
follows:
<Limit GET PUT>
order deny,allow
deny from all
allow from 192.168
require valid-user
satisfy any
</Limit>
But, the effect now is that the password mechanism is completely
defeated: anyone can now login from any address. Obviously
authentication via mod_auth_pgsql ceases to work as soon as there is a
satisfy directive.
Is this a known problem?
Thanks in advance for any help or suggestion
--Marcel
