On Fri, Sep 3, 2021 at 16:21 Orendt, John
<john.p.ore...@medtronic.com.invalid> wrote:
> Hi Tom
>
...
>
These two techniques can be used separately or together.
>
When both password and client cert are used it could be called two factor
> authentication.
>
> Any of the above combinations are supported by httpd.
>
Thanks, John. But can I allow EITHER method to be used to access the SAME
directory? Do I have to provide a different path to the same landing point?
I definitely do NOT want two-factor authentication.
Answering my own question, I think the easy way out is to duplicate the TLS
cert "directory" into, say, "directory2" and provide password access to it.
That way the user with a cert selects one menu item ('Cert acccess') and
the user with only a password selects 'Password access'.
But if anyone can show the Apache code for doing that without the
duplication of the cert-protected directory that would be great.
Thanks again, John.
-Tom
