Apache / mod_auth: use both require group and require user

Posted on October 28, 2011 by Dae

Consider the following configuration in .htaccess/httpd.conf (or wherever):

AuthName "My Super Secret Area"
AuthType Basic
AuthUserFile /path/to/htpasswd
AuthGroupFile /path/to/htgroup
Require group bestmates
Require user randomguy

Where user randomguy does not belong to the group bestmates.

By default mod_auth of Apache 2.2 would allow only users from bestmates to authenticate, and randomguy won’t have access because he doesn’t belong to the group. In other words, require user directive would be entirely ignored.

To allow both group and user, simply add AuthzGroupFileAuthoritative Off to your configuration (.htaccess/httpd.conf or wherever).

All kudos for the find goes to user newmanium2001 from LinuxQuestions.org.

This entry was posted in Solutions and tagged , . Bookmark the permalink.

2 Responses to Apache / mod_auth: use both require group and require user

  1. poiuytrez says:
    April 4, 2012 at 15:41

    Works for me with AuthzUserAuthoritative !

    Reply
  2. Abhner says:
    July 10, 2014 at 16:14

    AuthzUserAuthoritative works with me too

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *