Combining host and password restriction

You may wish to combine the two methods of authentication. Using our group project example, you might want to allow access to any group member who is either on the list of accepted domain-names and/or IP addresses OR can provide a valid name and password. That way, if the group members aren't at their own computers, they can still access the directory by supplying a password. Note: not all servers support this feature. You'll have to try it to find out.

Getting some satisfaction

To combine the two methods, you will need to use the satisfy command. It has two options: any or all. To create the situation described above for your group members, you would do this:

	AuthUserFile /otherdir/.htpasswd
	AuthGroupFile /dev/null
	AuthName My Secret Stuff
	AuthType Basic

	order deny,allow
	deny from all
	allow from 
	require user buddy zippy
	satisfy any

This will allow the user to either gain access by using your computer or by logging on as buddy or zippy. The other use of satisfy would be for something like this:

	AuthUserFile /otherdir/.htpasswd
	AuthGroupFile /dev/null
	AuthName My Secret Stuff
	AuthType Basic

	order deny,allow
	deny from all
	allow from 
	require user buddy zippy
	satisfy all

This would require the user to be both on your computer and to enter a correct password for buddy or zippy. If they can't meet these criteria, they get an error message and they do not get access to your files.

For more information

For more information on some of the other advanced uses of user authentication, check out the resources page.

Justin R. Miller / justin@openup.com / 04.17.98