I've got a domain and several sub-domain names that need authentication to gain access to. I'm presently using mod_auth to authenticate customers (mod_auth fundamental) in the domain.tld level. Transpire is perfect for single sign-on between your domain and all sorts of the sub-domain names.

Will these qualifications carry onto the sub-domain names instantly, or having a simple vhost config change, or it is possible to better method to get this done?


Browsers distinguish areas that need HTTP authentication by a mix of the URL root and also the title from the authentication realm.

Take for instance, two domain names each having a realm with similar title:

http://one.example.com/ with the realm "Please enter credentials!"
http://two.example.com/ with the realm "Please enter credentials!"

First a person visits one, is requested qualifications and makes its way into them. Then your user visits two, the browser sees that the URL differs and therefore asks again the consumer on her qualifications.

This can be a positive thing, because otherwise www.badguy.com could arrange it to ensure that your browser transmits over your web banking login.

In a nutshell: there's not a way to resolve your condition with fundamental HTTP authentication and standard HTTP clients.


You could utilize mod_auth_digest rather, owing to that you could specify several URI to stay in exactly the same "protection space". However, with this particular authentication method you will find two new problems:

  1. It does not scale perfectly, since you cannot use wildcard domain names.
  2. Browser compatibility isn't as good. (See the documentation regarding how to have great results with IE.)