Gentlemen, I appreciate your thoughts and suggestions. .htacces may be the easiest way to go for us.
The mod_authnz_ldap looks to be a bit hairy. Last thing I want to do it keep track of ldap attributes as it looks very granular in detail. Thank you for all our suggestions and I wish my boss would give me the time to actually work this out. Thank You, Chris Cheltenham SwainTechs / HHS Cell# 267-586-2369 -----Original Message----- From: Neil Sabol [mailto:nssa...@unm.edu] Sent: Monday, March 30, 2015 12:06 PM To: cas-user@lists.jasig.org Subject: RE: [cas-user] mod_auth_cas Hi Chris, Building on Milt's suggestion, would .htaccess files in each directory you want to allow specific users access to work? We run a pretty centralized webserver environment but allow auth overrides for our site owners (in the global Apache config). This way, our users can create .htaccess files (example below) to restrict access to directories they control without us making changes to the global config. There are probably better (and less performance impactful) ways. Example: User1 User2 wwwroot/Directory1 wwwroot/Directory2 If we want User1 and User2 to have access to Directory1, we would place the following in a .htaccess file in Directory1: AuthType CAS require user User1 require user User2 If we want only User2 to have access to Directory2, we would place the following in a .htaccess file in Directory2: AuthType CAS require user User2 If you need to "nest" permissions, you can user Satisfy Any to break up the "inheritance" (Apache reads through .htacccess files from the requested dir back to the root of the site) - so if a .htaccess file is in /dir/dir1, a request for /dir/dir1/dir2/dir3 would be allowed/disallowed based on the user(s) found in .htaccess in dir1. Not sure if that is what you are looking for but figured I would share. Thanks, -Neil -----Original Message----- From: mepst...@mepstein0.ncsa.illinois.edu [mailto:mepst...@mepstein0.ncsa.illinois.edu] On Behalf Of Milt Epstein Sent: Sunday, March 29, 2015 3:11 PM To: cas-user@lists.jasig.org Subject: Re: [cas-user] mod_auth_cas What exactly are you trying to do, and what have you tried so far? You should just be able to use appropriate "Require" directives, such as "Require valid-user" or "Require user username" (where "username" is a valid username). Milt Epstein Programmer in Computational Genomics Institute for Genomic Biology (IGB) University of Illinois at Urbana-Champaign (UIUC) mepst...@illinois.edu On Sun, 29 Mar 2015, Chris Cheltenham wrote: > > Hello Everyone, > > Does anyone who uses mod_auth_cas know how to configure mod_auth_cas to > segregate specific users from getting to some pages but allow them to others? > > So far, I ahev only figured out how to allow everyone who authenticates to > get to the the page / dir called in the config file. Not just some people can > see a page and some cannot. > > > > Thank You, > > Chris Cheltenham > SwainTechs / HHS > > Cell# 267-586-2369 > > > -- > You are currently subscribed to cas-user@lists.jasig.org as: > mepst...@illinois.edu To unsubscribe, change settings or access > archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to cas-user@lists.jasig.org as: nssa...@unm.edu To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to cas-user@lists.jasig.org as: cchelten...@swaintechs.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to cas-user@lists.jasig.org as: arch...@mail-archive.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user