Apache 1.3.3 - DBM User Authentication - Using Groups

Apache 1.3.3 - DBM User Authentication - Using Groups

Post by Annette Strupp-Adam » Thu, 13 May 1999 04:00:00



In my earlier posting I meant to say that I am using Apache 1.3.3.
Therefore, here is a repetition of
my earlier question.

Using Apache 1.3.3 on Sun UltraSPARC 60 machine, running Solaris 2.7 I
use dbmmanage to
restrict access to users
of a specified group as follows:

dbmmanage /usr/local/etc/httpd/userdbm adduser martin hamster staff

The directive in the access.conf file reads as follows ( the numbers at
the beginning of each line are
line number of vi ) :

       <Directory "/usr/local/etc/httpd/restricted">
       Options ExecCGI FollowSymLinks
      AuthName "restricted access"
     AuthType Basic
     AuthDBMGroupFile /usr/local/etc/httpd/userdbm
     AuthDBMUserFile /usr/local/etc/httpd/userdbm
     <Limit GET POST>

     require group staff
     </Limit>
     </Directory>

After I restart the server and try to access the restricted directory, I
get the foll. error message in
the error_log:

[Tue May 11 11:53:07 1999] [error] [client <ip address>  user martin not
in right group:
/usr/local/etc/httpd/restricted/index.html

If, however, I change :

require group staff

to: require valid-user

it works.

Can anyone please tell me what I am doing wrong here.  I have checked
all of the documentation I
can think of.

Thank you.

Annette

--
Annette Strupp-Adams
Senior Systems Analyst

National Library of Medicine

 
 
 

Apache 1.3.3 - DBM User Authentication - Using Groups

Post by Ron Klatchk » Thu, 13 May 1999 04:00:00



> dbmmanage /usr/local/etc/httpd/userdbm adduser martin hamster staff

adduser doesn't handle groups.  If you noticed, it prompted you for the
password, so it was obviously ignoring that part of the command line.

What you can do is use the command add.  It allows you to specify
exactly what goes into the value of the db file.  Unfortunately, you
would also need to crypt the password itself.  So, the following should
work for you:

dbmmanage /usr/local/etc/httpd/userdbm add martin Tbcef6iDLJVCc:staff

moo
----------------------------------------------------------------------
          Ron Klatchko - Manager, Advanced Technology Group          
           UCSF Library and Center for Knowledge Management          


 
 
 

Apache 1.3.3 - DBM User Authentication - Using Groups

Post by Ron Klatchk » Thu, 13 May 1999 04:00:00



> adduser doesn't handle groups.  If you noticed, it prompted you for the
> password, so it was obviously ignoring that part of the command line.

After taking a second look at dbmmanage, I realized it would be quite
easy to modify it to handle groups as part of adduser.  If you apply the
following patch:

Quote:> diff -c dbmmanage.old dbmmanage

*** dbmmanage.old       Wed May 12 13:37:49 1999
--- dbmmanage   Wed May 12 13:42:43 1999
***************
*** 162,168 ****
--- 162,170 ----
  sub dbmc::adduser {
      my $value = getpass "New password:";
      die "They don't match, sorry.\n" unless getpass("Re-type new
password:") eq $value;
+     my $groups = $crypted_pwd;
      $crypted_pwd = crypt $value, caller->salt;
+     $crypted_pwd .= ":$groups" if ( $groups );
      dbmc->add;
  }

The command adduser and update both allow groups to be specified on the
command line.  You can do:

dbmmanage file [adduser|update] username groups

Groups should be blank if you don't want to specify a group or a list of
one or more groups.  To add multiple groups, seperate them by commas,
not by whitespace:

dbmmanage .htpasswd adduser ron staff,webmasters,randomgroup

moo
----------------------------------------------------------------------
          Ron Klatchko - Manager, Advanced Technology Group          
           UCSF Library and Center for Knowledge Management          

 
 
 

1. DBM User Authentication - Using Groups

Using Apache 1.1.3 on Sun UltraSPARC 60 machine, running Solaris 2.7 I
use dbmmanage to restrict access to users
of a specified group as follows:

dbmmanage /usr/local/etc/httpd/userdbm adduser martin hamster staff

The directive in the access.conf file reads as follows ( the numbers at
the beginning of each line are line number of vi ) :

       <Directory "/usr/local/etc/httpd/restricted">
       Options ExecCGI FollowSymLinks
      AuthName "restricted access"
     AuthType Basic
     AuthDBMGroupFile /usr/local/etc/httpd/userdbm
     AuthDBMUserFile /usr/local/etc/httpd/userdbm
     <Limit GET POST>

     require group staff
     </Limit>
     </Directory>

After I restart the server and try to access the restricted directory, I
get the foll. error message in the error_log:

[Tue May 11 11:53:07 1999] [error] [client <ip address>  user martin not
in right group:  /usr/local/etc/httpd/restricted/index.html

If, however, I change :

require group staff

to: require valid-user

it works.

Can anyone please tell me what I am doing wrong here.  I have checked
all of the documentation I can think of.

Thank you.

Annette

--
Annette Strupp-Adams
Senior Systems Analyst

National Library of Medicine

2. HELP: Odd ide messages from pre2.0 onwards...

3. Apache auth: user/pass spanning groups using DBM?

4. ELF & linux & DOS & cross-compiling

5. Apache DBM authentication and RPC DBM

6. HELP: SONY CDROM

7. DBM User Authentication in Apache

8. PROBLEM: 2.4.18 kernel Segmentation Fault reading from CDU31a [CD Rom Drive]

9. Apache w/ DBM vs. Apache w/o DBM ?

10. User and group authentication in Apache

11. Apache authentication with LDAP group and group file

12. DBM User Authentication Problem

13. User authentication - DBM module