10.6. Mix and match: Location and Authentication

This brief section shows how the two mechanisms for controlling access, location and identification, inter-operate. Specifically, there is a common desire in the University to grant passwordless access from within the department or cam.ac.uk domain and passworded access otherwise.

Suppose we wanted our website to be accessible from cam.ac.uk without a password and with Raven authentication from elsewhere.

<Directory /srv/www/WWW/bestiary>
  Order         Allow,Deny
  Allow         from cam.ac.uk
  AuthType      Ucam-WebAuth
  AuthGroupFile /etc/apache2/access/group
  Require       group managers
  Satisfy       any

The two worlds of access control are joined by the Satisfy command. This has two possible options: Any and All. Satisfy Any requires the request to satisfy either the location requirement or the authentication requirement. Satisfy All would require it to satisfy both.