Table of Contents
httpd.access – authentication controls for HTTP access
The HTTP daemon can apply authentication controls to individual users or groups on a per directory basis. The file /etc/httpd.access
specifies the following items for each access-controlled tree:
the path to the tree
the authority required to authenticate access to the tree
the lists of users or groups who are permitted access when authenticated
The syntax is the same as the access control syntax used by NCSA and Apache. However, the httpd.access file only supports a subset of directives supported by NCSA and Apache. You can copy an existing NCSA or Apache access to the filer without editing or reformatting.
The supported directives are: <Directory directory_name> </Directory> AuthName Title phrase require user user_id
] require group group_id
where Title phrase is a word or phrase that is passed to the authentication dialog as a title for the dialog that prompts the user for a password.
The following example restricts access to the file /home/htdocs/private/bob
so that only user dole can access it, after supplying the required password. The authentication dialog is titled “My private stuff.”
<Directory /home/htdocs/private/bob> AuthName My private stuff
require user dole
The <Limit GET> and </Limit> directives are not supported, but are retained for format consistency with NCSA and Apache. The filer just ignores them.
The following example restricts access to the directory tree /home/htdocs/private/conspiracy to the group “guyinblack”, which consists of the users whose IDs are cancer, deepthroat, mrx, and skinner. The authentication dialog is titled “Area 51.”
<Directory /home/htdocs/private/conspiracy> AuthName Area 51
require group guyinblack
In this example, “guyinblack” is defined by the following entry in /etc/httpd.group:
guyinblack: cancer deepthroat mrx skinner
The following example requires the client to provide a Windows Domain username and password to access the directory tree /home/htdocs/win. The authentication dialog is “Windows(tm) Authentication” This authentication dialog, typed exactly as presented here, is required to enforce NTLM authentication.
AuthName Windows(tm) Authentication </Directory>
If this authentication control is used the Filer must have CIFS running, and either be a member of a Windows Domain or be using Local User authentication.
Any changes take effect within 5 minutes
Changes are persistent across system reboots.
httpd.passwd , httpd.group .
Only the directives listed above are supported; other directives that may appear in NCSA or Apache access files are ignored.
Table of Contents
Read more... (440 words, estimated 1:46 mins reading time)