Changes

From SME Server
Jump to navigationJump to search
1,795 bytes added ,  15:18, 30 October 2007
added sections for authentication against valid sme users
Line 13: Line 13:  
The recommended way to implement .htaccess on a SME server, is to use custom templates, which are only under the control of the administrator and cannot be tampered with by anonymous Internet users. Using this method you do NOT need to install any contrib rpm.
 
The recommended way to implement .htaccess on a SME server, is to use custom templates, which are only under the control of the administrator and cannot be tampered with by anonymous Internet users. Using this method you do NOT need to install any contrib rpm.
   −
=== Procedure ===
+
 
 +
==== Determining contents of htaccess fragment ====
    
This method involves creating a httpd.conf custom template fragment with the required information.
 
This method involves creating a httpd.conf custom template fragment with the required information.
   −
Initially you will need to determine the contents of your .htacess file to be used in the fragment. Refer to the .htaccess web site links below for more details but a basic .htaccess file would contain the following:
+
Initially you will need to determine the contents of your .htacess file to be used in the fragment. Refer to the .htaccess web site links below for more details but a basic .htaccess file would contain the following (see specific examples in following sections):
    
AuthUserFile /etc/passwordfilename
 
AuthUserFile /etc/passwordfilename
Line 39: Line 40:  
The AuthName can be any name you want.
 
The AuthName can be any name you want.
   −
The rest of the details are basic and can be amended to suit your particular requirements. The contents shown will suffice for standard situations.
+
The rest of the details are basic and can be amended to suit your particular requirements.
 +
 
 +
 
 +
==== Procedure - authentication against a user password file ====
 +
 
 +
Determine the contents of your .htacess file to be used in the fragment, as mentioned previously.
 +
The contents shown below will suffice for standard situations.
 
   
 
   
==== Custom template creation ====
+
===== Custom template creation =====
    
Next you need to create the custom template.
 
Next you need to create the custom template.
Line 80: Line 87:  
  sv s /service/httpd-e-smith
 
  sv s /service/httpd-e-smith
   −
==== Password file creation ====
+
===== Password file creation =====
    
Now you need to create the password file, change to the location you want the password file in
 
Now you need to create the password file, change to the location you want the password file in
Line 117: Line 124:     
If you use the -c switch when entering additional user details you will overwrite the password file completely and only have the one user entry there.
 
If you use the -c switch when entering additional user details you will overwrite the password file completely and only have the one user entry there.
 +
 +
 +
==== Procedure - authentication against all sme users ====
 +
 +
Determine the contents of your .htacess file to be used in the fragment, as mentioned previously.
 +
The contents shown below will suffice for standard situations.
 +
 +
===== Custom template creation =====
 +
 +
mkdir -p /etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf
 +
cd /etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf
 +
pico -w 50AddSecureIbayFolder
 +
 +
Assuming we want to secure an ibay subfolder called
 +
/home/e-smith/files/ibays/ibayname/html/foldername/subfoldername
 +
 +
edit the fragment file to contain the following
 +
 +
<Directory /home/e-smith/files/ibays/ibayname/html/foldername/subfoldername>
 +
AuthName "My Site Security Group"
 +
AuthType Basic
 +
AuthExternal pwauth
 +
<Limit GET>
 +
order deny,allow
 +
require valid-user
 +
</Limit>
 +
</Directory>
 +
 +
(the "valid-user" setting will allow any valid sme user to gain access)
 +
 +
then do
 +
 +
expand-template /etc/httpd/conf/httpd.conf
 +
sv t /service/httpd-e-smith
 +
sv s /service/httpd-e-smith
 +
 +
 +
==== Procedure - authentication against specified sme users ====
 +
 +
Determine the contents of your .htacess file to be used in the fragment, as mentioned previously.
 +
The contents shown below will suffice for standard situations.
 +
 +
===== Custom template creation =====
 +
 +
mkdir -p /etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf
 +
cd /etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf
 +
pico -w 50AddSecureIbayFolder
 +
 +
Assuming we want to secure an ibay subfolder called
 +
/home/e-smith/files/ibays/ibayname/html/foldername/subfoldername
 +
 +
edit the fragment file to contain the following
 +
 +
<Directory /home/e-smith/files/ibays/ibayname/html/foldername/subfoldername>
 +
AuthName "My Site Security Group"
 +
AuthType Basic
 +
AuthExternal pwauth
 +
<Limit GET>
 +
order deny,allow
 +
require user admin smeusername1 smeusername2 smeusername3 smeusername4
 +
</Limit>
 +
</Directory>
 +
 +
(where admin, smeusername1, smeusername2 etc are valid users on the sme server)
 +
 +
then do
 +
 +
expand-template /etc/httpd/conf/httpd.conf
 +
sv t /service/httpd-e-smith
 +
sv s /service/httpd-e-smith
    
=== Testing ===
 
=== Testing ===
Line 128: Line 205:  
You will be asked for a user Id and password.
 
You will be asked for a user Id and password.
   −
Enter any combination that is in your password file to gain access.
+
Enter any combination that is allowed by your configuration to gain access, ie is in your password file, is any sme user, or is a specfied sme user.
    
=== Deletion procedure ===
 
=== Deletion procedure ===
   −
To delete or reverse any changes you make using this method, do the following, replacing filenames with those actually used
+
To undo any changes you make using this method, do the following, replacing filenames with those actually used
    
  rm /etc/passwordfilename
 
  rm /etc/passwordfilename
Line 138: Line 215:  
  expand-template /etc/httpd/conf/httpd.conf
 
  expand-template /etc/httpd/conf/httpd.conf
 
  sv t /service/httpd-e-smith
 
  sv t /service/httpd-e-smith
  −
It is recommended practise to check that the service did actually restart and is running, with
   
  sv s /service/httpd-e-smith
 
  sv s /service/httpd-e-smith
   Line 162: Line 237:  
http://wiki.contribs.org/SME_Server:Documentation:Developers_Manual
 
http://wiki.contribs.org/SME_Server:Documentation:Developers_Manual
   −
=== Old Howto ===
  −
  −
This is a link to an earlier Howto that is still applicable to sme7.x
  −
http://mirror.contribs.org/smeserver/contribs/rmitchell/smeserver/howto/htaccess%20configuration%20with%20custom%20templates%20HOWTO%20for%20sme%20server.htm
  −
  −
The Howto refers to a deprecated command
  −
/etc/e-smith/events/actions/restart-httpd-graceful
  −
  −
Instead of the above, please use the following commands to restart & check the httpd-e-smith service
  −
  −
sv t /service/httpd-e-smith
  −
sv s /service/httpd-e-smith
      
----
 
----
 
[[Category:Howto]]
 
[[Category:Howto]]
624

edits

Navigation menu