Server-Side Authentication: In-Class Exercise (posted 2 February 2004)
Using Server-Side Authentication on Grace
The Apache web server includes a program called htpasswd that allows you to create users and associated passwords for access restrictions on web directories. To password-protect a directory you need to do two things: first, use the htpasswd program to create a user and associated password in a world-readable file, and second, create an .htaccess file in the directory you want to restrict that references the password file.
If you’ve never created a password file before:
- Create a directory in your home directory (not your www directory) to put the password file in.
- Change the permissions on the directory you just created to 755
- Make sure you’re in the directory you just created, and run the htpasswd program with the -c flag to create a new password file. You can name your password file whatever you’d like, but I suggest “hiding” it by starting the name with a period. You also must specify a user name to include in the password file when you first create it. (You’ll be prompted for a password for that username.)
htpasswd -c password_file_name username
- Change permissions on the new password file (whatever you put for password_file_name in the above command) to 644
If you have a password file, but want to add a new user to it:
- Make sure you’re in the directory where the password file is located.
- Run the htpasswd program without the -c flag, specifying the name of the existing password file, and the new username to add.
htpasswd password_file_name username2
To restrict a web directory to a user specified in the password file:
Create a world-readable file called .htaccess in the web directory you’re protecting, with the following contents:
AuthUserFile /full/UNIX/path/to/password_file_name
AuthGroupFile /dev/null
AuthName Whatever_You_Want
AuthType basic
require user username username2
The AuthUserFile path should be the full UNIX path to your password file. (To find the path, change to the directory the password file is in, and type “pwd”.)
The AuthGroupFile should be left as /dev/null
AuthName is the label that will appear in the password prompt box; it can be whatever you’d like, but it cannot have spaces in it.
AuthType should be left as basic
Replace “username” in the last line with one or more users you’ve added to your password file using htpasswd. (The example uses two usernames.)
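A quick way to check a finished setup against the steps above, as an added example that is not part of the original exercise. The function name check_htaccess and its optional second argument (your www directory) are assumptions made for illustration, and it covers only the password-file method, not DCE authentication.

```shell
#!/bin/sh
# Added example, not part of the original exercise.
# check_htaccess WEB_DIR [WWW_ROOT]
# Prints each problem found; returns 0 when the setup matches the steps above.
check_htaccess() {
    dir=$1
    ht="$dir/.htaccess"
    problems=0
    [ -r "$ht" ] || { echo "no readable .htaccess in $dir"; return 1; }
    webroot=$(cd "${2:-$dir}" && pwd) || return 1

    # Pull the password-file path and the allowed users out of .htaccess.
    pwfile=$(awk 'tolower($1) == "authuserfile" { print $2; exit }' "$ht")
    users=$(awk 'tolower($1) == "require" && tolower($2) == "user" {
                     for (i = 3; i <= NF; i++) print $i }' "$ht")

    case $pwfile in
        "") echo "AuthUserFile line is missing"; return 1 ;;
        /*) ;;
        *)  echo "AuthUserFile is not a full path: $pwfile"; problems=1 ;;
    esac
    [ -r "$pwfile" ] || { echo "password file not readable: $pwfile"; return 1; }

    # The password file belongs outside the www directory.
    case $pwfile in
        "$webroot"/*) echo "password file is inside the web directory"; problems=1 ;;
    esac

    # Each user on the "require user" line needs a user:hash entry.
    for u in $users; do
        awk -F: -v u="$u" '$1 == u { ok = 1 } END { exit !ok }' "$pwfile" ||
            { echo "user not in password file: $u"; problems=1; }
    done
    return $problems
}
```

Run it as check_htaccess ~/www/protected_directory ~/www, substituting your own directories; no output and a zero exit status mean the password file and .htaccess agree.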
To restrict a web directory using DCE authentication:
On Grace, you can also use the .htaccess file to restrict access using DCE usernames rather than your own password file. You can only use DCE authentication through the secure (SSL) server, which means your page will have to be referenced using the https protocol, i.e. https://www.rit.edu/~abc1234/protected_directory/
To limit access to any RIT user with a valid DCE userid, use the following .htaccess syntax:
AuthType Basic
AuthName dce
require valid-user
To limit access to only specific DCE user(s), use the following .htaccess syntax:
AuthType Basic
AuthName dce
require user dceid1 dceid2
Missed reading the instructions ...hmm...sorry to trouble the tutor
Excerpt: I created three protected directories that are protected using the three methods described on the Prof's site. For protected #1 you can use mittens/meow as the username and password. For protected #2 you can use your DCE login. For protected #3 you can...
Read More: Service-side authentication
Guess what, I put an .htaccess on one directory so that it could be accessed only with my own dce account. All my formatting didn't work. My CSS didn't work at all.
I was thinking that maybe I messed with my css but to double check that I just removed the .htaccess. I was surprised to know that it was the culprit.
Does anyone have any idea why???
Excerpt: server side authentication tutorial...
Read More: server side authentication