Differences

This shows you the differences between two versions of the page.

--- web:password-protected:authbyppy [2017/12/19 21:22] – jas
+++ web:password-protected:authbyppy [Unknown date] (current) – removed - external edit (Unknown date) 127.0.0.1
@@ Line 1: / Line 1: @@
-====== Authentication By PassportYork Usernames ======
-UNDER CONSTRUCTION
-If you wish to authenticate users by PassportYork usernames and passwords:
-In the directory you wish to protect, create a .htaccess file with the following contents:
-  AuthType Basic
-  AuthName "Name of Web Area You Are Protecting"
-  AuthType PYork
-  Require valid-user
-  PYorkAllowEveryone on
-  PYorkAppID "your-app-name"
-AuthUserFile /eecs/home/example/private/webpasswd
-If you wish to restrict access to any user-defined account, add:
-  Require valid-user
-If instead, you wish to restrict access to specific user-defined accounts, add for each user:
-  Require user <user>
-For simplicity, you can also add all users on one line:
-  Require user <user1> <user2> ... <userN>
-If you wish to restrict access to user-defined groups, add:
-  AuthGroupFile /eecs/home/example/private/webgroups
-For each group that you wish to allow, add:
-  Require group <group>
-Again, for simplicity, you can list all the groups on one line:
-  Require group <group1> <group2> ... <groupN>
-If you only care about group alone, then you only need to add a "Require group" directive.  In this case, you don't need "Require user".
-By default, only one of the conditions needs to be met to provide access, so if you were to add:
-  Require valid-user
-  Require group guest
-... then ANY valid system user would be allowed in, or, any user who is in group guest.  If you want to just allow in users who are in group guest, then include only the "Require group guest" line.  Alternatively you can use a "SatisfyAll" block like this:
-  <SatisfyAll>
-    Require valid-user
-    Require group guest
-  </SatisfyAll>
-Check file permissions on your .htaccess file and directory permissions on all directories leading up to your .htaccess file.
-At a minimum, your .htaccess file must be readable by the web server, which runs as user "www":
-  % chmod o+r .htaccess
-CAUTION: This will enable other users on the system to also read your .htaccess file. file.
-You will also need to ensure that all directories up to your .htaccess file are accessible by the web server. For example, if your .htaccess file is /eecs/home/example/www/.htaccess:
-  % chmod o+x /eecs/home/example
-  % chmod o+x /eecs/home/example/www
-(optional) You may wish to restrict access to your page to encrypted http (https) only. This will ensure that all usernames and passwords sent to your site over the web will be encrypted. In order to do this, add the following line to the top of your .htaccess file:
-  SSLRequireSSL
-Now, if an http user tries to access your site, they will get a "Forbidden" message.
-If, instead, you would like to automatically redirect any http accesses to your page to https, add the following to your .htaccess file instead of the SSLRequireSSL line above:
-  RewriteEngine On
-  RewriteCond %{SERVER_PORT} !^443$
-  RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
-Notes:
-  * A utility, mkhtaccess is available for helping your build your .htaccess file (steps 1 and 2 above). See the mkhtaccess page for details.
-  * Full details on Apache authentication can be found in the Apache authentication documentation.
-  * Please refrain from using your system password in a user-defined password file. The files must be readable by everyone on the system in order to be available to the web server.