Hi,
I need to solve the following problem....
Given a web site, I need to authenticate in two leveles; a global and
user level.
ie accessing the web site (say www.abc.com) itself requires one
authentication and
then descending down to special areas I need to authenticate again.
for example (www.abc.com/reports)
For the first level, I'm using .htaccess with a Basic AuthType like
AuthName global
AuthType Basic
<Limit>
require valid-user
</Limit>
This allows a user to access a global area where no-good stuff is
presented (ie less
secure, think lobby of a company)
I then would like to impose restrictions on various functionalities
below that, but to
avoid someone bypassing me, at any point in the tree, I'd like to check
for two pieces
of information;
1- Did you come in thru the front door? (ie show me the password for
'global' realm)
2- What is your username and password for this special area?
I understand with mod_perl I can have multiple access control
handlers....but before I get
there, can I just use .htaccess to achieve this. For example, can I put
two AuthName in my
.htaccess such as
AuthName global
AuthName username
AuthType Basic
<limit>
requrie valid-user
</limit
In fact the ultimate for me would be to inherit from parent node and
simply add more AuthName
down a tree...this way I can achieve N level. So I can manage
1- Did you come in thru the front door
2- Did you get to the engineering thru the offical door
3- Did you get to the testing area thru the official door
4- what is your username/password to access this equipment
Sorry if the analogy is lame...but you get the idea...
--
=======================================================================
Medi Montaseri, [EMAIL PROTECTED], 408-450-7114
Prepass Inc, IT/Operations, Software Eng.
=======================================================================
