Server-Side Authentication: In-Class Exercise (26 October 2004)
Using Server-Side Authentication on Grace
The apache web server includes a program called htpasswd that allows you to create users and associated passwords for access restrictions on web directories. To password-protect a directory you need to do two things. First, use the htpasswd program to create a user and associated password in a world-readable file, and second, create an .htaccess file in the directory you want to restrict that references the password file.
If youve never created a password file before:
1. Create a directory in your home directory (not your www directory) to put the password file in.
1. Change the permissions on the directory you just created to 755
1. Make sure you're in the directory you just created, and run the htpasswd program with the -c flag to create a new password file. You can name your password file whatever you�d like, but I suggest "hiding" it by starting the name with a period. You also must specify a user name to include in the password file when you first create it. (You�ll be prompted for a password for that username.)
htpasswd -c password_file_name username
1. Change permissions on the new password file (whatever you put for password_file_name in the above command) to 644
If you have a password file, but want to add a new user to it:
1. Make sure you�re in the directory where the password file is located.
1. Run the htpasswd program without the -c flag, specifying the name of the existing password file, and the new username to add.
htpasswd password_file_name username2
To restrict a web directory to a user specified in the password file:
Create a world-readable file called .htaccess in the web directory you're protecting, with the following contents:
AuthUserFile /users/ritX/gX/yourid/pw_file_directory/pw_file_name AuthGroupFile /dev/null AuthName Whatever_You_Want AuthType basic require user username username2
The AuthUserFile path should be the full UNIX path to your password file. (To find the path, change to the directory the password file is in, and type 'pwd'.)
The AuthGroupFile should be left as /dev/null
AuthName is the label that will appear in the password prompt box; it can be whatever you�d like, but it cannot have spaces in it.
AuthType should be left as basic
Replace "username" in the last line with one or more users you've added to your password file using htpasswd. (The example uses two usernames.)
To restrict a web directory using DCE authentication:
On Grace, you can also use the .htaccess file to restrict access using DCE usernames rather than your own password file. You can only use DCE authentication through the secure (SSL) server, which means your page will have to be referenced using the https protocol, i.e. https://www.rit.edu/~abc1234/protected_directory/
To limit access to any RIT user with a valid DCE userid, use the following .htaccess syntax:
AuthDCE On AuthType Basic AuthName dce require valid-user
To limit access to only specific DCE user(s), use the following .htaccess syntax:
AuthDCE On AuthType Basic AuthName dce require user dceid1 dceid2
Excerpt: This is for today's in-class excercise. There is a protected directory at this URL, and you must log in with user: ted; password: blah to get in. once in this directory, you can try to go to random files and...
Read More: .htaccess
Excerpt: Here are my in-class exercises for server-side authentication:
http://www.rit.edu/~bld0973/409/exercises/dceaccess/
Read More: In-Class Exercise: Server-Side Authentication