Apache Question regarding Authentication

Apache Question regarding Authentication

Post by Guntram Leuprech » Wed, 10 Nov 1999 04:00:00



Dear Reader,

I'm quite familiar with Apache's Authentication mechanisms using the
AuthName, AuthGroupFile, AuthUserFile, AuthType, ... directives, the
.htaccess files
<Limit> sections and so on.

But what I do NOT know and need is the following:

On an Unix machine, there is a database which shall be
"used" with a WebBrowser, activating some CGI-Scripts.
Every user has an Account on this Unix machine, due to
various reasons.

I want the Apache Server to use THESE Accounts, so the
user does NOT need to have two "logins", the web and the
Unix login. If he changes the Unix password, for example
in a telnet session, the Web password should automatically
be changed, too.

I don't want to have a password file in conjunction with the
AuthUserFile directive, the Unix /etc/passwd should be used
instead.

Can anyone give me some hints?

Guntram

PS. I check this newsgroup often, but a "Cc" to

 
 
 

Apache Question regarding Authentication

Post by Joshua Sliv » Wed, 10 Nov 1999 04:00:00



> On an Unix machine, there is a database which shall be
> "used" with a WebBrowser, activating some CGI-Scripts.
> Every user has an Account on this Unix machine, due to
> various reasons.
> I want the Apache Server to use THESE Accounts, so the
> user does NOT need to have two "logins", the web and the
> Unix login. If he changes the Unix password, for example
> in a telnet session, the Web password should automatically
> be changed, too.
> I don't want to have a password file in conjunction with the
> AuthUserFile directive, the Unix /etc/passwd should be used
> instead.

For why you shouldn't do this, see
http://www.apache.org/docs/misc/FAQ.html#passwdauth

If you still think it is a good idea, then there are a couple
implimentations available at http://modules.apache.org/

--
Joshua Slive

http://finance.commerce.ubc.ca/~slive/

 
 
 

Apache Question regarding Authentication

Post by Stephen Forbe » Wed, 10 Nov 1999 04:00:00



>Dear Reader,

>I'm quite familiar with Apache's Authentication mechanisms using the
>AuthName, AuthGroupFile, AuthUserFile, AuthType, ... directives, the
>.htaccess files
><Limit> sections and so on.

>But what I do NOT know and need is the following:

>On an Unix machine, there is a database which shall be
>"used" with a WebBrowser, activating some CGI-Scripts.
>Every user has an Account on this Unix machine, due to
>various reasons.

>I want the Apache Server to use THESE Accounts, so the
>user does NOT need to have two "logins", the web and the
>Unix login. If he changes the Unix password, for example
>in a telnet session, the Web password should automatically
>be changed, too.

>I don't want to have a password file in conjunction with the
>AuthUserFile directive, the Unix /etc/passwd should be used
>instead.

>Can anyone give me some hints?

>Guntram

>PS. I check this newsgroup often, but a "Cc" to


Surely your .htaccess file should point to /etc/passwd to look for passwords
and logins then. it uses the same encryption as Apache(?)

Steve

 
 
 

Apache Question regarding Authentication

Post by Nick K » Thu, 11 Nov 1999 04:00:00


Quote:> Surely your .htaccess file should point to /etc/passwd to look for passwords
> and logins then. it uses the same encryption as Apache(?)

                      ^^^^
That "uses" should be qualified with "usually" - though few machines
these days actually keep the passwords in /etc/passwd.

You'd need a quick hack to truncate the passwd entries at the second colon,
too.  That's after reading what's wrong with this approach in the first place.

--
Nick Kew

 
 
 

Apache Question regarding Authentication

Post by Alan J. Flavel » Thu, 11 Nov 1999 04:00:00



> That's after reading what's wrong with this approach in the first place.

IIRC, the Apache doc says you lose all your accumulated guru points...
 
 
 

1. apache authentication question

Say I have a directory called "fruits" with files "apple", "banana",
"canteloupe", and so forth.

I want to require http basic auth on all files in the directory EXCEPT
"banana".

Can anyone suggest a way to do that, aside from making a <files> block
in the directory's .htaccess, containing the names of every file in
the directory except "banana"?  It's ok if the content served for a
"banana" request are somewhere else in the filesystem.  It's ok to
modify the parent directory's .htaccess or the server's httpd.conf to
make this happen.

The obvious things I've tried, like a rewrite rule on "fruits/banana"
in "fruits"'s parent directory, or a location block in httpd.conf,
don't work.

Thanks.

2. 8/99 on U5

3. Apache: DBM-based authentication and dbmmanage questions

4. ``Ansicolor'' telnet client wanted...

5. Question on apache user authentication

6. What is GROUPRT in ifconfig?

7. authentication question with Apache

8. Ghostscript & BubbleJet & 360dpi?

9. Apache server - user authentication question????

10. apache authentication question

11. Apache authentication question

12. Apache question: multiuser password authentication

13. Apache Authentication Question