EECS Technical Database

User Tools

Site Tools

You are here: Technical Database » Web Publishing including Protected Areas » Protecting Web Areas » Authentication By Passport York Usernames and Passwords
Trace: Numbered Headline Plugin Authentication By Passport York Usernames and Passwords
web:webprotect:authbyppy

This is an old revision of the document!

Authentication By Passport York Usernames and Passwords

If you wish to authenticate users by Passport York usernames and passwords, then you must follow these steps:

In the directory you wish to protect, create an .htaccess file with the following contents: 

AuthType PYork
AuthName "Name of Web Area You Are Protecting"
PYorkAppID "EECS App"

If you wish to restrict access to any Passport York user, add: 

Require valid-user

If instead, you wish to restrict access to specific PPY accounts, add for each user: 

Require user <user>

For simplicity, you can also add all users on one line: 

Require user <user1> <user2> ... <userN>

If you wish to allow anyone who has a PPY account - not just students and employees, then add: 

PYorkAllowEveryone on

The Passport York module will provide different information to you depending on whether it's run from your home directory, or in the course web directory. If used in your home directory, you can access the HTTP_PYORK_USER variable which contains the username of the PPY user. This is also available as REMOTE_USER. If you enable Passport York account to a course directory,you will have access to additional variables including:

  • HTTP_PYORK_CYIN = staff/student number
  • HTTP_PYORK_FIRSTMAME = first name and initial
  • HTTP_PYORK_SURNAME = last name and initial
  • HTTP_PYORK_EMAIL = York Email
  • HTTP_PYORK_TYPE = type of account (eg. EMPLOYEE:STAFF)

NOTE: Temporarily, in order to access these additional variables, you will need to enable “PYorkAllowEveryone on” above.

You should include a link on your page that allows users to logout of Passport York:

https://passportyork.yorku.ca/ppylogin/ppylogout

Check file permissions on your .htaccess file and directory permissions on all directories leading up to your .htaccess file.

At a minimum, your .htaccess file must be readable by the web server, which runs as user “www”: 

% chmod o+r .htaccess

CAUTION: This will enable other users on the system to also read your .htaccess file.

You will also need to ensure that all directories up to your .htaccess file are accessible by the web server. For example, if your .htaccess file is /eecs/home/example/www/.htaccess: 

% chmod o+x /eecs/home/example
% chmod o+x /eecs/home/example/www

Always be careful when using your Passport York username and password for accessing web pages. Only use it on sites that you trust.

web/webprotect/authbyppy.1513903181.txt.gz · Last modified: 2017/12/21 19:39 by jas
Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki