
Chapter 10. Access control
$ touch /etc/httpd/access/digest_pw
$ htdigest /etc/httpd/access/digest_pw "Cheese lovers only" rjd4
Adding user rjd4 in realm Cheese lovers only
New password: password
Re-type new password: password
Figure 10-14. Adding a user to a digest password file
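The entry that htdigest writes in Figure 10-14 has the form user:realm:MD5(user:realm:password), so the realm string is part of the stored hash and must match AuthName exactly. The following is an added example, not part of the original course notes, that rebuilds such entries and audits a digest file against an AuthName; the users bob and carol and the helper names are made up for illustration.

```python
import hashlib
import hmac

def digest_line(user, realm, password):
    """Build one htdigest entry: user:realm:MD5("user:realm:password")."""
    ha1 = hashlib.md5(f"{user}:{realm}:{password}".encode()).hexdigest()
    return f"{user}:{realm}:{ha1}"

def audit(text, auth_name):
    """Return (line_number, problem) pairs for a digest file's contents."""
    findings, seen = [], set()
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        parts = line.strip().split(":")
        is_hex = len(parts) == 3 and all(c in "0123456789abcdef" for c in parts[2])
        if not is_hex or len(parts[2]) != 32:
            findings.append((n, "malformed"))
            continue
        user, realm, _ = parts
        if realm != auth_name:
            # Realm is hashed in, so this entry can never match AuthName.
            findings.append((n, "realm-mismatch"))
        if (user, realm) in seen:
            findings.append((n, "duplicate"))
        seen.add((user, realm))
    return findings

def check_password(text, user, realm, password):
    """True if the file holds an entry matching this user, realm and password."""
    want = digest_line(user, realm, password).encode()
    return any(hmac.compare_digest(l.strip().encode(), want)
               for l in text.splitlines())

# Constructed sample file: rjd4 as in Figure 10-14; bob and carol are made up.
SAMPLE = "\n".join([
    digest_line("rjd4", "Cheese lovers only", "password"),
    digest_line("bob", "Cheese lovers", "hunter2"),  # realm typed wrongly
    "carol:Cheese lovers only:notahash",
])

if __name__ == "__main__":
    print(audit(SAMPLE, "Cheese lovers only"))
    print(check_password(SAMPLE, "rjd4", "Cheese lovers only", "password"))
```

The stored hash is unsalted and is all that is needed to answer a Digest challenge for that realm, so the digest file should be readable only by the web server and its administrators.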
The other issue we mentioned was that text files were used to hold the users,
passwords and groups. For a small number of users this is fine, but if your users
reach into the thousands you may want to consider alternatives that are faster to
search. Alternatively, you may already have an LDAP authentication mechanism and
want to use that. A series of other modules exist for providing Basic
authentication with passwords and groups held in other formats.
Table 10-2. Various storage formats for Basic authentication
auth_module         Text files. This is the module we have reviewed extensively
                    above.
auth_anon_module    This acts in a manner analogous to anonymous FTP. It uses the
                    userid anonymous and requests an email address for the
                    password. This can be logged.
auth_dbm_module     This uses DBM files rather than text files. Lookups in these
                    are much faster once the number of ids stored becomes
                    large.
auth_ldap_module    This uses LDAP to authenticate the user. This can be used to
                    tie in with an existing LDAP service to stop your users
                    needing to know yet another password. Unless you specify
                    the use of LDAPS in the configuration files, the passwords
                    will travel across the network in plain text from the web
                    server to the LDAP server.
auth_mysql_module   This module checks the userids and groups against a MySQL
                    database. This is not a standard Apache module but requires
                    an additional software package.
auth_pgsql_module   As above, but using a PostgreSQL database.
Mix and match: Location and Authentication
This brief section shows how the two mechanisms for controlling access, location and
identification, interoperate. Specifically, there is a common desire in the University
to grant passwordless access from within the department or cam.ac.uk domain and
passwordful access otherwise.
Suppose we wanted http://cheese.dept.cam.ac.uk/games/ accessible from
dept.cam.ac.uk without a password and with a password from elsewhere.
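<Directory /var/www/CHEESE/games>
    # Location: hosts matching the Allow line pass the host check.
    Order Allow,Deny
    Allow from csi.cam.ac.uk
    # Identification: Digest authentication against the password and group files.
    AuthType Digest
    AuthName "Cheese lovers only"
    AuthDigestDomain /games/
    AuthDigestFile /etc/httpd/access/digest_pw
    AuthDigestGroupFile /etc/httpd/access/group
    Require group cheddar stilton
    # Either check is sufficient; the default (Satisfy All) would demand both.
    Satisfy Any
</Directory>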