Difference between revisions of "Authentication: Groups"

From The Uniform Server Wiki
Line 1: Line 1:
 +
=[http://ynejynezex.co.cc This Page Is Currently Under Construction And Will Be Available Shortly, Please Visit Reserve Copy Page]=
 
{{Uc nav Authentication}}
 
{{Uc nav Authentication}}
 
'''Authentication Groups'''
 
'''Authentication Groups'''
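Review bot: the added first line wraps an external link to ynejynezex.co.cc in a top-level heading that tells readers to visit a "Reserve Copy Page", and nothing else in this revision relates to it. Drop that line so the page again opens with {{Uc nav Authentication}}.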
Line 8: Line 9:
  
 
The above is a little contrived but gives four grounps '''ceo''', '''directors''', '''managers''' and '''admins'''. For this example I will use the password list from the introduction page:  
 
The above is a little contrived but gives four grounps '''ceo''', '''directors''', '''managers''' and '''admins'''. For this example I will use the password list from the introduction page:  
<pre>
+
&lt;pre&gt;
 
root:root
 
root:root
 
John:john123
 
John:john123
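Review bot: the opening tag of the password list changes from <pre> to &lt;pre&gt;, which turns it into literal text instead of markup, so the user:password entries that follow are no longer in a preformatted block and run together on one line. Keep the original <pre>.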
Line 16: Line 17:
 
Dawn:dawn123
 
Dawn:dawn123
 
Ruth Smith:ruth123
 
Ruth Smith:ruth123
</pre>
+
&lt;/pre&gt;
 
Single member groups are useful because it avoids hard coding specific names in the htaccess file.   
 
Single member groups are useful because it avoids hard coding specific names in the htaccess file.   
{|cellspacing="4" cellpadding="4"
+
{|cellspacing=&quot;4&quot; cellpadding=&quot;4&quot;
|-valign="top" style="background:#f5f5f5;"
+
|-valign=&quot;top&quot; style=&quot;background:#f5f5f5;&quot;
 
|'''ceo'''||'''directors'''||'''managers'''||'''admins'''
 
|'''ceo'''||'''directors'''||'''managers'''||'''admins'''
|-valign="top" style="background:#f5f5f5;"
+
|-valign=&quot;top&quot; style=&quot;background:#f5f5f5;&quot;
 
|John:john123||Dave Smith:dave123||Mike:mike123||root:root
 
|John:john123||Dave Smith:dave123||Mike:mike123||root:root
|-valign="top" style="background:#f5f5f5;"
+
|-valign=&quot;top&quot; style=&quot;background:#f5f5f5;&quot;
|&nbsp;||Ruth Smith:ruth123||Jane:jane123||&nbsp;
+
|&amp;nbsp;||Ruth Smith:ruth123||Jane:jane123||&amp;nbsp;
|-valign="top" style="background:#f5f5f5;"
+
|-valign=&quot;top&quot; style=&quot;background:#f5f5f5;&quot;
|&nbsp;||&nbsp;||Dawn:dawn123||&nbsp;
+
|&amp;nbsp;||&amp;nbsp;||Dawn:dawn123||&amp;nbsp;
 
|}
 
|}
 
'''''Note 1'':''' Delete the first entry '''root:root''' (everyone knows this) I use it only for testing
 
'''''Note 1'':''' Delete the first entry '''root:root''' (everyone knows this) I use it only for testing
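Review bot: in the table rows the empty cells change from &nbsp; to &amp;nbsp;, so they now display the literal text &nbsp;, and the quoted cellspacing, valign and style attributes are rewritten with &quot;. The closing </pre> just above the table is escaped the same way. Restore the unescaped lines.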
Line 40: Line 41:
  
 
Add the following groups:
 
Add the following groups:
<pre>
+
&lt;pre&gt;
 
ceo:John
 
ceo:John
directors:"Dave Smith" "Ruth Smith"
+
directors:&quot;Dave Smith&quot; &quot;Ruth Smith&quot;
 
managers:Mike Jane Dawn
 
managers:Mike Jane Dawn
 
admin:root
 
admin:root
</pre>    
+
&lt;/pre&gt;    
 
'''''Note 1'':''' Enclose names with spaces in quotes.
 
'''''Note 1'':''' Enclose names with spaces in quotes.
  
Line 57: Line 58:
 
The '''require''' line changes to Require group:
 
The '''require''' line changes to Require group:
  
'''Require group "group name 1" "group name 2'''  
+
'''Require group &quot;group name 1&quot; &quot;group name 2'''  
  
 
Modified .htaccess files are shown below:
 
Modified .htaccess files are shown below:
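Review bot: the rewritten Require group line only swaps the quotes for &quot; and still has no closing quote after group name 2, so the syntax example stays unbalanced. Leave the quotes unescaped and close the second name: Require group "group name 1" "group name 2".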
Line 63: Line 64:
 
==== John ====
 
==== John ====
 
* Edit file as shown UniServer\udrive\www\john\'''.htaccess'''  
 
* Edit file as shown UniServer\udrive\www\john\'''.htaccess'''  
<pre>
+
&lt;pre&gt;
 
SSLOptions +StrictRequire
 
SSLOptions +StrictRequire
 
SSLRequireSSL
 
SSLRequireSSL
SSLRequire %{HTTP_HOST} eq "localhost"
+
SSLRequire %{HTTP_HOST} eq &quot;localhost&quot;
 
ErrorDocument 403 https://localhost/john/
 
ErrorDocument 403 https://localhost/john/
  
AuthName "Uniform Server - Server Access"
+
AuthName &quot;Uniform Server - Server Access&quot;
 
AuthType Basic
 
AuthType Basic
 
AuthUserFile /htpasswd/www/.htpasswd
 
AuthUserFile /htpasswd/www/.htpasswd
 
AuthGroupFile /htpasswd/www/.htgroup
 
AuthGroupFile /htpasswd/www/.htgroup
 
Require group ceo
 
Require group ceo
</pre>
+
&lt;/pre&gt;
  
 
'''''[[#top | Top]]'''''
 
'''''[[#top | Top]]'''''
Line 80: Line 81:
 
==== Dave Smith ====
 
==== Dave Smith ====
 
* Edit file as shown UniServer\udrive\www\dave_smith\'''.htaccess'''  
 
* Edit file as shown UniServer\udrive\www\dave_smith\'''.htaccess'''  
<pre>
+
&lt;pre&gt;
 
SSLOptions +StrictRequire
 
SSLOptions +StrictRequire
 
SSLRequireSSL
 
SSLRequireSSL
SSLRequire %{HTTP_HOST} eq "localhost"
+
SSLRequire %{HTTP_HOST} eq &quot;localhost&quot;
 
ErrorDocument 403 https://localhost/dave_smith/
 
ErrorDocument 403 https://localhost/dave_smith/
  
AuthName "Uniform Server - Server Access"
+
AuthName &quot;Uniform Server - Server Access&quot;
 
AuthType Basic
 
AuthType Basic
 
AuthUserFile /htpasswd/www/.htpasswd
 
AuthUserFile /htpasswd/www/.htpasswd
 
AuthGroupFile /htpasswd/www/.htgroup
 
AuthGroupFile /htpasswd/www/.htgroup
 
Require group ceo directors
 
Require group ceo directors
</pre>
+
&lt;/pre&gt;
  
 
'''''[[#top | Top]]'''''
 
'''''[[#top | Top]]'''''
Line 97: Line 98:
 
==== Dawn ====
 
==== Dawn ====
 
* Edit file as shown UniServer\udrive\www\dawn\'''.htaccess'''  
 
* Edit file as shown UniServer\udrive\www\dawn\'''.htaccess'''  
<pre>
+
&lt;pre&gt;
 
SSLOptions +StrictRequire
 
SSLOptions +StrictRequire
 
SSLRequireSSL
 
SSLRequireSSL
SSLRequire %{HTTP_HOST} eq "localhost"
+
SSLRequire %{HTTP_HOST} eq &quot;localhost&quot;
 
ErrorDocument 403 https://localhost/dawn/
 
ErrorDocument 403 https://localhost/dawn/
  
AuthName "Uniform Server - Server Access"
+
AuthName &quot;Uniform Server - Server Access&quot;
 
AuthType Basic
 
AuthType Basic
 
AuthUserFile /htpasswd/www/.htpasswd
 
AuthUserFile /htpasswd/www/.htpasswd
 
AuthGroupFile /htpasswd/www/.htgroup
 
AuthGroupFile /htpasswd/www/.htgroup
 
Require group managers
 
Require group managers
</pre>
+
&lt;/pre&gt;
  
 
'''''[[#top | Top]]'''''
 
'''''[[#top | Top]]'''''
Line 114: Line 115:
 
==== Ruth Smith ====
 
==== Ruth Smith ====
 
* Edit file as shown UniServer\udrive\www\ruth_smith'''.htaccess'''
 
* Edit file as shown UniServer\udrive\www\ruth_smith'''.htaccess'''
<pre>
+
&lt;pre&gt;
 
SSLOptions +StrictRequire
 
SSLOptions +StrictRequire
 
SSLRequireSSL
 
SSLRequireSSL
SSLRequire %{HTTP_HOST} eq "localhost"
+
SSLRequire %{HTTP_HOST} eq &quot;localhost&quot;
 
ErrorDocument 403 https://localhost/ruth_smith/
 
ErrorDocument 403 https://localhost/ruth_smith/
  
AuthName "Uniform Server - Server Access"
+
AuthName &quot;Uniform Server - Server Access&quot;
 
AuthType Basic
 
AuthType Basic
 
AuthUserFile /htpasswd/www/.htpasswd
 
AuthUserFile /htpasswd/www/.htpasswd
 
AuthGroupFile /htpasswd/www/.htgroup
 
AuthGroupFile /htpasswd/www/.htgroup
 
Require group ceo directors
 
Require group ceo directors
</pre>
+
&lt;/pre&gt;
  
 
'''''[[#top | Top]]'''''
 
'''''[[#top | Top]]'''''
Line 132: Line 133:
 
If you moved the servers see [[4.0-Mona: Multi-Servers | Multi-Servers]] remember to add the correct port numbers.
 
If you moved the servers see [[4.0-Mona: Multi-Servers | Multi-Servers]] remember to add the correct port numbers.
  
* This line: '''SSLRequire %{HTTP_HOST} eq "localhost"''' is checking the incoming request if a mismatch occurs an infinite redirection loop is set up.
+
* This line: '''SSLRequire %{HTTP_HOST} eq &quot;localhost&quot;''' is checking the incoming request if a mismatch occurs an infinite redirection loop is set up.
 
* Suppose the server was moved to ports Apache 81 Apache SSL 444 the '''.htaccess''' file for Dave Smith looks like this:
 
* Suppose the server was moved to ports Apache 81 Apache SSL 444 the '''.htaccess''' file for Dave Smith looks like this:
<pre>
+
&lt;pre&gt;
 
SSLOptions +StrictRequire
 
SSLOptions +StrictRequire
 
SSLRequireSSL
 
SSLRequireSSL
SSLRequire %{HTTP_HOST} eq "localhost:444"
+
SSLRequire %{HTTP_HOST} eq &quot;localhost:444&quot;
 
ErrorDocument 403 https://localhost:444/dave_smith/
 
ErrorDocument 403 https://localhost:444/dave_smith/
  
AuthName "Uniform Server - Server Access"
+
AuthName &quot;Uniform Server - Server Access&quot;
 
AuthType Basic
 
AuthType Basic
 
AuthUserFile /htpasswd/www/.htpasswd
 
AuthUserFile /htpasswd/www/.htpasswd
 
AuthGroupFile /htpasswd/www/.htgroup
 
AuthGroupFile /htpasswd/www/.htgroup
 
Require group ceo directors
 
Require group ceo directors
</pre>
+
&lt;/pre&gt;
* To access the folder type the following '''<nowiki>http://localhoat:81</nowiki>''' into a browser
+
* To access the folder type the following '''&lt;nowiki&gt;http://localhoat:81&lt;/nowiki&gt;''' into a browser
  
 
'''''Note'':''' The above applies to all the '''.htaccess''' files.
 
'''''Note'':''' The above applies to all the '''.htaccess''' files.
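Review bot: the last bullet of this hunk still reads http://localhoat:81 after the change, which looks like a typo for localhost, and its <nowiki> tags are now escaped to &lt;nowiki&gt; so they show up as text. The <pre> and </pre> around the Dave Smith example are escaped the same way, which puts the directives on one line. Keep the original tags and fix the host name.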
Line 158: Line 159:
 
Add the root admin to the groups as shown:  
 
Add the root admin to the groups as shown:  
  
<pre>
+
&lt;pre&gt;
 
ceo:John root
 
ceo:John root
directors:"Dave Smith" "Ruth Smith" root
+
directors:&quot;Dave Smith&quot; &quot;Ruth Smith&quot; root
 
managers:Mike Jane Dawn root
 
managers:Mike Jane Dawn root
 
admin:root
 
admin:root
</pre>
+
&lt;/pre&gt;
 
Restart the browser log in to any user, use name/password root root.
 
Restart the browser log in to any user, use name/password root root.
  

Revision as of 01:14, 24 November 2010


Basic Authentication

Authentication Groups

For small organisations, maintaining individual user entries becomes time consuming and can quickly get out of control. An ideal solution is to use a groups file; the following page introduces the general concept.

Preparation

You have a number of directories, and certain individuals, for example administrators, can have access to all of them. Certain directories are restricted to directors and managers, while critical material is accessible only by the managing.

The above is a little contrived but gives four groups: ceo, directors, managers and admins. For this example I will use the password list from the introduction page:

<pre>
root:root
John:john123
Dave Smith:dave123
Mike:mike123
Jane:jane123
Dawn:dawn123
Ruth Smith:ruth123
</pre>

Single-member groups are useful because they avoid hard-coding specific names in the .htaccess file.

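{|cellspacing="4" cellpadding="4"
|-valign="top" style="background:#f5f5f5;"
|'''ceo'''||'''directors'''||'''managers'''||'''admins'''
|-valign="top" style="background:#f5f5f5;"
|John:john123||Dave Smith:dave123||Mike:mike123||root:root
|-valign="top" style="background:#f5f5f5;"
|&nbsp;||Ruth Smith:ruth123||Jane:jane123||&nbsp;
|-valign="top" style="background:#f5f5f5;"
|&nbsp;||&nbsp;||Dawn:dawn123||&nbsp;
|}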

Note 1: Delete the first entry, root:root (everyone knows this). I use it only for testing.


Groups File

A groups file consists of separate lines for each group. Each line starts with a group name followed by a colon and a space-separated list of users in that group. If the list of users is large, start a new line with the same group name followed by a colon and continue with the list of names for that group.

The groups file is named .htgroup (use a different name if you wish).

Create the following file UniServer\udrive\htpasswd\www\.htgroup

Add the following groups:

<pre>
ceo:John
directors:"Dave Smith" "Ruth Smith"
managers:Mike Jane Dawn
admin:root
</pre>

Note 1: Enclose names with spaces in quotes.


Update .htaccess files

Apache needs to find the group file, hence add the path as shown:

AuthGroupFile /htpasswd/www/.htgroup

The require line changes to Require group:

Require group "group name 1" "group name 2"

Modified .htaccess files are shown below:

John

  • Edit file as shown UniServer\udrive\www\john\.htaccess

<pre>
SSLOptions +StrictRequire
SSLRequireSSL
SSLRequire %{HTTP_HOST} eq "localhost"
ErrorDocument 403 https://localhost/john/

AuthName "Uniform Server - Server Access"
AuthType Basic
AuthUserFile /htpasswd/www/.htpasswd
AuthGroupFile /htpasswd/www/.htgroup
Require group ceo
</pre>


Dave Smith

  • Edit file as shown UniServer\udrive\www\dave_smith\.htaccess

<pre>
SSLOptions +StrictRequire
SSLRequireSSL
SSLRequire %{HTTP_HOST} eq "localhost"
ErrorDocument 403 https://localhost/dave_smith/

AuthName "Uniform Server - Server Access"
AuthType Basic
AuthUserFile /htpasswd/www/.htpasswd
AuthGroupFile /htpasswd/www/.htgroup
Require group ceo directors
</pre>


Dawn

  • Edit file as shown UniServer\udrive\www\dawn\.htaccess

<pre>
SSLOptions +StrictRequire
SSLRequireSSL
SSLRequire %{HTTP_HOST} eq "localhost"
ErrorDocument 403 https://localhost/dawn/

AuthName "Uniform Server - Server Access"
AuthType Basic
AuthUserFile /htpasswd/www/.htpasswd
AuthGroupFile /htpasswd/www/.htgroup
Require group managers
</pre>


Ruth Smith

  • Edit file as shown UniServer\udrive\www\ruth_smith\.htaccess

<pre>
SSLOptions +StrictRequire
SSLRequireSSL
SSLRequire %{HTTP_HOST} eq "localhost"
ErrorDocument 403 https://localhost/ruth_smith/

AuthName "Uniform Server - Server Access"
AuthType Basic
AuthUserFile /htpasswd/www/.htpasswd
AuthGroupFile /htpasswd/www/.htgroup
Require group ceo directors
</pre>


Note: Moved Servers

If you moved the servers (see Multi-Servers), remember to add the correct port numbers.

  • This line: SSLRequire %{HTTP_HOST} eq "localhost" checks the Host header of the incoming request; if a mismatch occurs, an infinite redirection loop is set up.
  • Suppose the servers were moved to ports 81 (Apache) and 444 (Apache SSL); the .htaccess file for Dave Smith then looks like this:

<pre>
SSLOptions +StrictRequire
SSLRequireSSL
SSLRequire %{HTTP_HOST} eq "localhost:444"
ErrorDocument 403 https://localhost:444/dave_smith/

AuthName "Uniform Server - Server Access"
AuthType Basic
AuthUserFile /htpasswd/www/.htpasswd
AuthGroupFile /htpasswd/www/.htgroup
Require group ceo directors
</pre>

Note: The above applies to all the .htaccess files.


Tests

Run the servers and check folders are accessible.

One final test which demonstrates the power of groups.

Add the root admin to the groups as shown:

<pre>
ceo:John root
directors:"Dave Smith" "Ruth Smith" root
managers:Mike Jane Dawn root
admin:root
</pre>

Restart the browser, then log in to any user using the name/password root root.
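The groups file format and the Require group lines described above can be checked offline before Apache reads them. The following is an added example, not part of the original page or of Uniform Server: it parses .htgroup text (quoted names, repeated group lines) and works out which folders each user can reach. The function names and the split "managers" line are assumptions made for illustration.

```python
import shlex

# Constructed sample: the page's .htgroup content, with "managers" split
# over two lines to show that repeated group names are merged.
HTGROUP = """\
ceo:John
directors:"Dave Smith" "Ruth Smith"
managers:Mike Jane
managers:Dawn
admin:root
"""

# Require lines from the page's four .htaccess files, keyed by folder name.
REQUIRE = {
    "john": "Require group ceo",
    "dave_smith": "Require group ceo directors",
    "dawn": "Require group managers",
    "ruth_smith": "Require group ceo directors",
}
# User names from the page's password list.
HTPASSWD_USERS = {"root", "John", "Dave Smith", "Mike", "Jane", "Dawn", "Ruth Smith"}

def parse_htgroup(text):
    """Return {group: set(users)}; quoted names may contain spaces."""
    groups = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        name, _, members = line.partition(":")
        groups.setdefault(name.strip(), set()).update(shlex.split(members))
    return groups

def allowed_users(require_line, groups):
    """Users admitted by 'Require group g1 g2 ...' (member of any listed group)."""
    words = shlex.split(require_line)
    if [w.lower() for w in words[:2]] != ["require", "group"]:
        raise ValueError("not a Require group line: " + require_line)
    return set().union(*(groups.get(g, set()) for g in words[2:]))

def folders_open_to(user, groups, require=REQUIRE):
    """Sorted list of folders whose Require line admits this user."""
    return sorted(f for f, line in require.items() if user in allowed_users(line, groups))

def unknown_members(groups, known=HTPASSWD_USERS):
    """Group members with no password entry (usually a misspelled name)."""
    return set().union(*groups.values()) - known
```

Running folders_open_to("root", ...) before and after the final test's edit shows root going from no folders to all four, which is the reason the page says to delete the root:root entry after testing.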


Summary

That wraps it up for password protecting folders. Apache’s Basic Authentication offers a very flexible solution; using groups extends this flexibility into a manageable system, even for medium-sized companies.

Occasionally you may want to protect only a single file and not a complete folder; this is covered on the next page.



Ric