|
|
 | Virtual Server Documentation |
Home | Getting Started | FreeBSD | Solaris | Handbook
User Authentication Manager
You can control access to a particular directory on your web server using
a concept commonly termed "user authentication". The "Basic"
user-authentication allows you to restrict access to users who can
provide a valid username/password pair. The User Authentication Manager
provides you with a web-based interface to set up password protected
directories and provides your clients with a web-based interface such
that they can change their passwords.
Before you install and use the User Authentication Manager on your
Virtual Server, you should make yourself
familiar with the definitions and directives that are associated
with user authentication. See the
NCSA User Authentication Tutorial.
Installation
To install the User Authentication Manager on your Virtual Server you
need to connect to your Virtual Server via Telnet or SSH
and run this command:
% vinstall htaccess
Configuration
In order to prevent anyone from accessing your User Authentication
Manager, yet still allowing yourself access with administrative
privileges, you need to add a Directory directive
to your web server's access configuration file. Specifically, you
need to append the following lines to your web server configuration file
(~/www/conf/httpd.conf).
<Directory /usr/local/etc/httpd/cgi-bin/library/htaccess>
AuthType Basic
AuthName "User Authentication Manager"
AuthUserFile /usr/local/etc/httpd/htpasswd/admin.passwd
<Limit GET POST>
require user admin
</Limit>
</Directory>
This directive limits access to the User
Authentication Manager (which is installed in your
~/www/cgi-bin/library/htaccess directory), allowing
only those clients that authenticate using the user name "admin".
The crypted password for the user "admin" is stored in the
~/www/htpasswd/admin.passwd file (this password file was
installed as part of the archive you untarred during installation). The
admin password is initially set to "5e5ame". You are strongly encouraged
to change this password which can be done by running these commands:
% cd
% htpasswd ~/usr/local/etc/httpd/htpasswd/admin.passwd admin
You will then be prompted for a new password and asked to retype your new password.
If you want to allow users to change passwords remotely (described below)
you will also need to be sure that the option ExecCGI is
added to the htdocs Directory definition. The htdocs
Directory definition is found in your
web server configuration file. In this file, locate the htdocs Directory
definition.... it should look something like:
<Directory /usr/local/etc/httpd/htdocs>
# This may also be "None", "All", or any combination of "Indexes",
# "Includes", or "FollowSymLinks"
Options Indexes FollowSymLinks Includes
.
.
.
</Directory>
Modify the Options to include ExecCGI
(as shown below).
Options Indexes FollowSymLinks Includes ExecCGI
Accessing the User Authentication Manager
You can access the User Authentication Manager on your Virtual Server
by typing the following URL into the web browser of your choice:
http://YOUR-DOMAIN.NAME/cgi-bin/library/htaccess/htaccess.pl
You will be prompted for a user name and password before you can use
the User Authentication Manager. Use "admin" and the user name and
the password you selected during the configuration step above. After
you have authenticated, you will be prompted for either 1) a directory
that is currently password protected, or 2) a directory which you would
like to password protect. Enter the directory with respect to your
home directory, i.e. use "/www/htdocs/some/directory/" instead of
"/usr/home/LOGIN-NAME/www/htdocs/some/directory/".
-
If the directory previously was configured for authentication, the
User Authentication Manager will display the contents of the .htaccess
file in this directory in a web-based form. You can then add new
users or groups, remove current users or groups, change the password
of current users, or change the composition of current groups. You
will also see that the <Limit> definition(s) are
displayed in a web-based form.
-
If the directory you selected was not previously password protected.
The User Authentication Manager will create a default .htaccess file
in that directory and then display it in a web-based form. You can then
add new users and new groups as you desire.
The User Authentication Manager assumes that you have some
basic knowledge about .htaccess files. Should you find
that you need more information about specific features of the User
Authentication Manager, you should refer to the following URLs:
Allowing Users to Change Passwords Remotely
Before a user can be provided with the capability of changing his
or her password using the User Authentication Manager, you must first use
the User Authentication Manager to view or create a password protected
directory. This is outlined in the "Accessing your User Authentication
Manager" step above.
When you use the User Authentication Manager to
view or create the .htaccess in a directory, a few
changes are made to the file and directory contents. One such change
includes making a "shortcut" to the User Authentication Manager in that
directory. This "shortcut" is not too different than that you would
find on a Windows 95 or Macintosh desktop and does not impact your
disk usage in any significant way.
After you have accessed the directory using the User Authentication
Manager, you can now allow any user to change his or her password via a
web based form. The user need simply access the User Authentication
Manager "shortcut" that is copied into the directory. For example, you
might add something like this to the web content in the protected directory:
<a href="htaccess.pl">Change Your Password</a>
When your users access the User Authentication Manager in the directory,
the Manager will display a form which allows the user to change their
password.
| 
Click Here for Web Hosting Information & Pricing