Is it possible to grant network access or HTTP access based on a user's group?
At my company we want to set up an internal Composer server using Satis to manage packages for the projects we write (e.g. on repository.mycompany.com), with the packages themselves in our SVN server (svn.mycompany.com). We have several webservers with many different users on them. Some users should be able to reach the Composer and SVN server. Some should not. Users that should be able to reach these servers all belong to the same group.
How can I set up Apache on the Composer and SVN server to only grant access to those users in that group? Alternatively, can I set up the webservers in such a way that only users from that group are able to make a connection to our Composer and SVN servers?
The best thing we have come up with so far is using SSL client certificates. We simply place a client certificate on all servers which can be used to access Composer and SVN. Only the right user group will have read access to the certificate. A bit clunky but it may work. But I'm looking for something better.
If you are talking about remote users, then this is tricky - HTTP authentication does not depend upon the Unix authentication/authorization system.
mod_auth_pam provided the functionality you need but is no longer being developed and doesn't work in Apache > 2.1, meaning you'd have to use a pwauth-based solution - you'll also need to configure a custom PAM stack to restrict access to the nominated group(s).
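
The pwauth-plus-PAM setup this answer describes, sketched as an added example that is not part of the original answer. It assumes mod_authnz_external is the module that calls pwauth, that pwauth is installed at /usr/sbin/pwauth and uses the PAM service name `pwauth`, and that the nominated group is called `composer-users` (a hypothetical name).

```apache
# Apache 2.4 vhost fragment for repository.mycompany.com (same idea for svn.mycompany.com).
# Assumptions: mod_authnz_external and mod_ssl are loaded; pwauth lives at /usr/sbin/pwauth.

# Register pwauth as an external authenticator; credentials are passed on stdin ("pipe").
AddExternalAuth pwauth /usr/sbin/pwauth
SetExternalAuthMethod pwauth pipe

<Location "/">
    # Basic auth sends the Unix password with every request: refuse non-TLS access.
    SSLRequireSSL
    AuthType Basic
    AuthName "Internal package repository"
    AuthBasicProvider external
    AuthExternal pwauth
    # Group membership is enforced in the PAM stack below, so every user
    # pwauth accepts is already a member of the nominated group.
    Require valid-user
</Location>

# Custom PAM stack for pwauth (assumed path: /etc/pam.d/pwauth).
# Shown as comments so this file stays valid Apache configuration:
#
#   # Stop immediately for anyone outside the nominated group
#   # ("composer-users" is a hypothetical group name).
#   auth     requisite  pam_succeed_if.so user ingroup composer-users quiet
#   auth     required   pam_unix.so
#   account  required   pam_unix.so
```

Check the result with one account inside the group and one outside it; the second should get a 401 even with a correct password.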