web:password-protected:authbyname
Differences
This shows you the differences between two versions of the page.
web:password-protected:authbyname [2017/12/18 15:50] – jas | web:password-protected:authbyname [2017/12/19 21:06] (current) – removed jas | ||
---|---|---|---|
Line 1: | Line 1: | ||
- | ====== Authentication By System Usernames and Passwords or Groups====== | ||
- | If you wish to authenticate users by system usernames and passwords or groups (ie. the usernames and passwords that people use to login to the system, or the groups that they are a member of), then you must follow these steps: | ||
- | |||
- | In the web directory that you wish to protect, create a .htaccess file with the following contents: | ||
- | SSLRequireSSL | ||
- | AuthType Basic | ||
- | AuthName "Name of Web Area You Are Protecting" | ||
- | AuthBasicProvider pam | ||
- | |||
- | If you wish to restrict access to ALL valid system accounts, add: | ||
- | |||
- | Require valid-user | ||
- | |||
- | If instead, you wish to restrict access to specific system accounts, add for each user: | ||
- | |||
- | Require user < | ||
- | |||
- | For simplicity, you can also add all users on one line: | ||
- | |||
- | Require user < | ||
- | |||
- | If you wish to restrict access to specific groups, add: | ||
- | |||
- | Require unix-group < | ||
- | |||
- | Again, for simplicity, you can list all the groups on one line: | ||
- | |||
- | Require unix-group < | ||
- | |||
- | If you only care about group alone, then you only need to add a " | ||
- | |||
- | By default, only one of the conditions needs to be met to provide access, so if you were to add: | ||
- | |||
- | Require valid-user | ||
- | Require unix-group faculty | ||
- | |||
- | ... then ANY valid system user would be allowed in, or, any user who is in group faculty. | ||
- | |||
- | < | ||
- | Require valid-user | ||
- | Require unix-group faculty | ||
- | </ | ||
- | | ||
- | Check file permissions on your .htaccess file and directory permissions on all directories leading up to .htaccess. | ||
- | |||
- | % chmod o+r .htaccess | ||
- | |||
- | CAUTION: This will also enable other users on the system to read your .htaccess file. | ||
- | |||
- | You will also need to ensure that all directories up to your .htaccess file are accessible by the web server. For example, if your .htaccess file is / | ||
- | |||
- | % chmod o+x / | ||
- | % chmod o+x / | ||
- | |||
- | In order to better protect system usernames and passwords, the SSLRequireSSL directive in your .htaccess file only permits access to PAM authentication over https. Please DO NOT remove this directive. Access a secure web site, / | ||
- | |||
- | https:// | ||
- | |||
- | ... and not like this: | ||
- | |||
- | http:// | ||
- | |||
- | Note: Access to your secure page over http will yield a " | ||
- | |||
- | (optional) If you would like to automatically redirect http accesses to your page to the secure https version, add the following code to the .htaccess file that is in the directory above the one you are protecting: | ||
- | |||
- | ErrorDocument 403 / | ||
- | |||
- | That is, if you are protecting / | ||
- | |||
- | This code takes advantage of the fact that an error 403 (Forbidden) is produced when a user accesses your secure page via http. It redefines the error handler for " | ||
- | |||
- | Notes: | ||
- | |||
- | * A utility, mkhtaccess is available for helping you build your .htaccess file (steps 1 and 2 above). See the mkhtaccess page for details. | ||
- | |||
- | * Full details on Apache authentication can be found in the Apache authentication documentation. | ||
- | |||
- | * Always be careful when using your system username and password for accessing web pages. Only use it on sites that you trust. |
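
Review bot: the whole page is deleted from Line 1 onward with only "removed" as the edit summary, so nothing records why the instructions went away or where readers should go instead. If PAM-backed Basic authentication is still offered, leave a short stub at web:password-protected:authbyname that links to the current procedure. If it has been retired, say so on the stub, because anyone still running a .htaccess built from these steps otherwise loses the "Please DO NOT remove this directive" warning about SSLRequireSSL and the caution that chmod o+r makes .htaccess readable by other users on the system.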
web/password-protected/authbyname.1513630220.txt.gz · Last modified: 2017/12/18 15:50 by jas