On Fri, Sep 3, 2021 at 16:21 Orendt, John <john.p.ore...@medtronic.com.invalid> wrote:
> Hi Tom > ... > These two techniques can be used separately or together. > When both password and client cert are used it could be called two factor > authentication. > > Any of the above combinations are supported by httpd. > Thanks, John. But can I allow EITHER method to be used to access the SAME directory? Do I have to provide a different path to the same landing point? I definitely do NOT want two-factor authentication. Answering my own question, I think the easy way out is to duplicate the TLS cert "directory" into, say, "directory2" and provide password access to it. That way the user with a cert selects one menu item ('Cert acccess') and the user with only a password selects 'Password access'. But if anyone can show the Apache code for doing that without the duplication of the cert-protected directory that would be great. Thanks again, John. -Tom