Hi,
during a test migration from 2.2 to 2.4 I noticed, that the new AAA does
not allow to combine ip based AAA with user based.
The goal: allow access if either client ip address satisfies conditions
or user authenticates via basic auth.
Until 2.2 one could use "Satisfy Any". The resulting config first
checked the ip, and only prompted via basic auth, if the ip was not allowed.
In 2.4, *without* using the deprecated "Satisfy" via mod_access_compat,
you will always be prompted by basic auth, because the ip addresses are
only used during authz which comes after authn.
Is there any solution known to this? Should there be one? Would it make
sense to not deprecate "Satisfy" because of this?
Regards,
Rainer
- How to combine IP and user based AAA without Satisfy? Rainer Jung
-
