我有2个Active Directory组,即group1和group2,并且我已经配置了httpd.conf以允许group1访问URL:8443。但是,当我使用来自group2的用户访问URL:8443时,它将提示BASIC身份验证。如何禁用BASIC身份验证提示?
<VirtualHost *:8443>
AllowOverride None
Options None
AuthName "Test"
AuthType SSPI
SSPIAuth On
SSPIAuthoritative On
SSPIDomain TESTDOMAIN
<RequireAll>
<RequireAny>
require sspi-group TESTDOMAIN\group1
</RequireAny>
<RequireNone>
Require user "ANONYMOUS LOGON"
</RequireNone>
</RequireAll>
</VirtualHost>
我查看了httpd的错误日志文件,可以看到每当我从group2登录到用户时,它将打印
[authnz_sspi:error]access to /url/app.html failed, reason TESTDOMAIN\user2 does not meet requirements for user to be allowed access
[authz_core:error] user TESTDOMAIN\user2 authorization failure for /url/app.html
是authz_core提示基本身份验证吗?如何禁用基本身份验证的提示?
答案 0 :(得分:0)
我通过在httpd.conf中将 AuthzSendForbiddenOnFailure开启来解决了该问题。希望它对与我面临同样问题的任何人都有用。