This brief section shows how the two mechanisms for controlling access, location and identification, inter-operate. Specifically, there is a common desire in the University to grant passwordless access from within the department or cam.ac.uk domain and passworded access otherwise.
Suppose we wanted our website to be accessible from cam.ac.uk without a password and with Raven authentication from elsewhere.
<Directory /srv/www/WWW/bestiary> Order Allow,Deny Allow from cam.ac.uk AuthType Ucam-WebAuth AuthGroupFile /etc/apache2/access/group Require group managers Satisfy any </Directory>
The two worlds of access control are joined by the
Satisfy command. This has two possible
options: Any
and All
.
Satisfy Any requires the request to
satisfy either the location requirement or the authentication
requirement. Satisfy All would require
it to satisfy both.