User Authentication Manager
You can control access to a particular directory on your web server using a concept commonly
termed user authentication. Basic user authentication allows you to restrict
access to users who can provide a valid username/password pair. The User Authentication
Manager provides you with a web-based interface to set up password-protected directories and
provides your clients with a web-based interface so that they can change their passwords.
Before you install and use the User Authentication Manager on your Virtual Private
Server, you should make yourself familiar with the definitions and directives that are associated
with user authentication. See the NCSA User Authentication Tutorial.
Installation
To install the User Authentication Manager on your Virtual Private Server you need to connect to
your server via Telnet or SSH and run this command:
% vinstall htaccess
Configuration
To prevent anyone else from accessing your User Authentication Manager while still allowing
yourself access with administrative privileges, you need to add a Directory directive to
your web server's access configuration file. Specifically, you need to append the following lines
to your web server configuration file (~/www/conf/httpd.conf).
<Directory /usr/local/etc/httpd/cgi-bin/library/htaccess>
AuthType Basic
AuthName "User Authentication Manager"
AuthUserFile /usr/local/etc/httpd/htpasswd/admin.passwd
<Limit GET POST>
require user admin
</Limit>
</Directory>
This directive limits access to the User Authentication Manager (which is installed in your
~/www/cgi-bin/library/htaccess directory), allowing only those clients that authenticate
using the user name admin. The encrypted password for the user admin is stored in
the ~/www/htpasswd/admin.passwd file (which was created during installation). The admin
password is initially set to 5e5ame. You are strongly encouraged to change this password,
which can be done by running these commands:
% cd
% htpasswd ~/usr/local/etc/httpd/htpasswd/admin.passwd admin
You will then be prompted for a new password and asked to retype your new password.
If you want to allow users to change passwords remotely (described below) you will also need to
be sure that the option ExecCGI is added to the htdocs Directory definition found in
your web server configuration file.
<Directory /usr/local/etc/httpd/htdocs>
# This may also be "None", "All", or any combination of "Indexes",
# "Includes", or "FollowSymLinks"
Options Indexes FollowSymLinks Includes ExecCGI
.
.
.
</Directory>
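The following Python audit is an added example, not part of the original documentation or of the User Authentication Manager. It scans configuration text such as the two Directory blocks above and reports where require sits inside <Limit> (Apache then applies it only to the listed methods), where AuthUserFile points under the document root, and where ExecCGI is enabled. The function name, the finding strings and the constructed sample text are assumptions; the docroot default is the htdocs path used on this page.

```python
import re
OPEN = re.compile(r"<(Directory|Limit)\s+([^>]*)>", re.I)
CLOSE = re.compile(r"</(Directory|Limit)>", re.I)

# Constructed sample: the two Directory blocks shown on this page.
SAMPLE_CONF = """\
<Directory /usr/local/etc/httpd/cgi-bin/library/htaccess>
AuthType Basic
AuthName "User Authentication Manager"
AuthUserFile /usr/local/etc/httpd/htpasswd/admin.passwd
<Limit GET POST>
require user admin
</Limit>
</Directory>
<Directory /usr/local/etc/httpd/htdocs>
Options Indexes FollowSymLinks Includes ExecCGI
</Directory>
"""

def audit_access_config(text, docroot="/usr/local/etc/httpd/htdocs"):
    """Return (directory, finding) pairs for httpd.conf or .htaccess text."""
    findings, directory, limit = [], None, None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line or line.startswith("#"):
            continue
        opened, closed = OPEN.fullmatch(line), CLOSE.fullmatch(line)
        if opened and opened.group(1).lower() == "directory":
            directory = opened.group(2).strip().strip('"')
        elif opened:  # <Limit ...>: remember which methods it names
            limit = opened.group(2).upper().split()
        elif closed and closed.group(1).lower() == "directory":
            directory = None
        elif closed:
            limit = None
        else:
            name, value = (line.split(None, 1) + [""])[:2]
            name, value = name.lower(), value.strip().strip('"')
            if name == "require" and limit is not None:
                # Inside <Limit>, the rule covers only the listed methods.
                findings.append((directory, "require limited to " + " ".join(limit)))
            elif name == "authuserfile" and value.startswith(docroot.rstrip("/") + "/"):
                findings.append((directory, "password file under document root"))
            elif name == "options" and any(
                    o.lstrip("+").lower() == "execcgi" for o in value.split()):
                findings.append((directory, "ExecCGI enabled"))
    return findings

if __name__ == "__main__":
    for where, finding in audit_access_config(SAMPLE_CONF):
        print(where or ".htaccess", "->", finding)
```

A require line placed directly in the Directory block, outside any <Limit>, applies to every request method and produces no finding. The same function can be run over the .htaccess files the Manager creates, in which case the directory field is empty.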
Accessing the User Authentication Manager
You can access the User Authentication Manager on your server by using the following URL.
http://YOUR-DOMAIN.NAME/cgi-bin/library/htaccess/htaccess.pl
You will be prompted for a user name and password before you can use the User Authentication
Manager. Use admin as the user name and the password you selected during the configuration
step above. After you have authenticated, you will be prompted for either 1) a directory that is
currently password protected, or 2) a directory which you would like to password protect. Enter
the directory with respect to your home directory, i.e. use
/usr/local/etc/httpd/htdocs/some/directory/ instead of
/usr/home/LOGIN-NAME/www/htdocs/some/directory/.
If the directory previously was configured for authentication, the User Authentication
Manager will display the contents of the .htaccess file in this directory in a web-based
form. You can then add new users or groups, remove current users or groups, change the password
of current users, or change the composition of current groups. You will also see that the
<Limit> definition(s) are displayed in a web-based form.
If the directory you selected was not previously password protected, the User
Authentication Manager will create a default .htaccess file in that directory and then
display it in a web-based form. You can then add new users and new groups as you desire.
The User Authentication Manager assumes that you have some basic knowledge about
.htaccess files. Should you find that you need more information about specific features of
the User Authentication Manager, you should refer to the following URLs:
Allowing Users to Change Passwords Remotely
Before a user can be provided with the capability of changing his or her password using the User
Authentication Manager, you must first use the User Authentication Manager to view or create a
password protected directory. This is outlined above.
When you use the User Authentication Manager to view or create the .htaccess in a
directory, a few changes are made to the file and directory contents. One such change includes
making a link to the User Authentication Manager in that directory. This link is not too different
from a shortcut that you would find on a Windows or Macintosh computer and does not impact
your disk usage in any significant way.
After you have accessed the directory using the User Authentication Manager, you can allow
any user to change his or her password via a web-based form. The user would simply access the
User Authentication Manager from their directory. For example, you might add something like this
to the web content in the protected directory:
<a href="htaccess.pl">Change Your Password</a>
When your users access the User Authentication Manager in the directory, the Manager will
display a form which allows the user to change their password.