[olug] Deny user in Apache 2.0

Obi-Wan obiwan at jedi.com
Tue Mar 25 20:53:06 UTC 2008


I'm running Apache 2.0.52 on Red Hat Enterprise Linux 4. Authentication
is done via samba/winbind to our Active Directory server, and is
working fine. I'm currently restricting access to a particular
directory to just a certain AD group with the following config:

	<Location "/">
		AllowOverride None
		AuthType Basic
		AuthName "Documentation"
		AuthPAM_Enabled on
		AuthPAM_FallThrough off
		Require group "domain\group1"
		Require group "domain\group2"
		Require user "domain\someuser"
	</Location>

Those two groups are rather large, and are used for many things on our
network. However, for this web server, I want to be able to exclude one
user from within group1. This user still needs access to all the other
stuff on the network that uses group1 for access control, so I can't
just remove him from the group. I also don't want to have to maintain
two separate, but nearly equal, groups.

Does Apache have any way to deny access to a particular username, even
if they've given valid credentials?

-- 
Ben "Obi-Wan" Hollingsworth                             obiwan at jedi.com
   The stuff of earth competes for the allegiance I owe only to the
     Giver of all good things, so if I stand, let me stand on the
       promise that You will pull me through.  -- Rich Mullins


