From: Rob McCool
Newsgroups: netscape.devs-nsapi
Subject: Re: require-auth only if pathcheck fails ?
Date: Wed, 13 Nov 1996 17:33:02 -0800
I'm not sure what you're asking for here, are you asking for the ability
to have an ACL which says "if a host is from outside this set of allowed
hosts, ask them for a username and a password using this custom
function"? If so, I can't think of any easy way to do this with the
way that the 2.0 ACLs work. You might be better off, especially if the
hostname check is fairly easy (something like "ends with foo.com"),
doing it yourself.
--Rob
Gerrit Thomson wrote:
>
> Hi Folks,
> I would like to use a custom authtrans only when the pathcheck using
> an acl fails.
> server = Enterprise v2.0c;
>
> given an acl.
> if ( remote host in acl )
> request authentication, ie. put up userid password prompt
> else
> give it to them.
>
> ..
> This is so a user on site has free access, but a user off site can use
> their local id and password to gain access.
>
> I have the custom authtrans function, your basic local password file
> check working. I then created an acl from the server forms. I tried to
> combine the two so that in the obj.conf fiel for the ppath object I have
> something like.
> AuthTrans fn="basic-auth" userdb="garbage" userfn="localpasswd-auth"
> auth-type="basic"
> PathCheck realm="Local Id and Passwword Required" fn="require-auth"
> auth-type="basic"
> PathCheck fn="check-acl"
> acl="httpd-wishingstar_formgen-READ-ACL_deny-5138"
> PathCheck realm="Local Id and Passwword Required" fn="require-auth"
> auth-type="basic"
> PathCheck fn="check-acl"
> acl="httpd-wishingstar_formgen-WRITE-ACL_deny-5138"
>
> ** Notice that there are two entries for my PathCheck for
> authentication. No authentication dialog appears.
>
> any help would be appreciated.
> Cheers,
> Gerrit Thomson.
--
Rob McCool, robm@netscape.com http://home.netscape.com/people/robm/
Stunt Programmer, Netscape Communications Corporation
It was working ten minutes ago, I swear...
Reproduced by permission of the author.