User Authentication Manager:
Password Protecting Web Folders

Overview
You can control access to a particular directory on your web server using a concept commonly termed "user authentication". "Basic" user authentication allows you to restrict access to users who can provide a valid username/password pair. The User Authentication Manager provides you with a web-based interface to set up password-protected directories and provides your clients with a web-based interface so that they can change their passwords.

Documentation
Before you install and use the User Authentication Manager on your Virtual Server, you should make yourself familiar with the definitions and directives that are associated with user authentication. An excellent online resource is available at the NCSA User Authentication Tutorial.

Installation
To install the User Authentication Manager on your Virtual Server you need to Telnet or SSH to your Virtual Server and do the following:
    % vinstall htaccess
Configuring your Web Server
To prevent anyone else from accessing your User Authentication Manager, while still allowing yourself access with administrative privileges, you need to add a Directory directive to your web server's configuration file. Specifically, you need to append the following lines to your web server config file (~/www/conf/httpd.conf).

<Directory /usr/local/etc/httpd/cgi-bin/Scriptorium/htaccess>
AuthType Basic
AuthName "User Authentication Manager"
AuthUserFile /www/httpd/htpasswd/admin.passwd
<Limit GET POST>
require user admin
</Limit>
</Directory>

This directive limits access to the User Authentication Manager (which is installed in your ~/www/cgi-bin/library/htaccess directory), allowing only those clients that authenticate using the user name "admin". The encrypted password for the user "admin" is stored in the ~/www/httpd/htpasswd/admin.passwd file (this password file was installed as part of the archive you untarred during installation). The admin password is initially set to "5e5ame". You are strongly encouraged to change this password, which you can do by connecting to your Virtual Server via Telnet or SSH and performing the following steps:

% cd (change to your home directory)
% htpasswd ~/www/httpd/htpasswd/admin.passwd admin

You will then be prompted for a new password and asked to retype your new password.

NOTE: After you make changes to the access.conf file, you will need to restart your Apache server so that the changes are recognized. You can do this by connecting to your Virtual Server and executing the command restart_apache.
    % restart_apache

If you want to allow users to change passwords remotely (described below), you will also need to be sure that the option ExecCGI is added to the htdocs Directory definition. The htdocs Directory definition is found in your ~/www/conf directory under the name access.conf (or httpd.conf, the same file you modified above). In this file, locate the htdocs Directory definition. It should look something like:
    <Directory /usr/local/etc/httpd/htdocs>

    # This may also be "None", "All", or any combination of "Indexes",
    # "Includes", or "FollowSymLinks"

    Options Indexes FollowSymLinks Includes

    .
    .
    .

    </Directory>
Modify the Options to include ExecCGI (as shown below).
    Options Indexes FollowSymLinks Includes ExecCGI
NOTE: After you make changes to the access.conf file, you will need to restart your Apache server so that the changes are recognized. You can do this by connecting to your Virtual Server and executing the command restart_apache.
    % restart_apache
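
The following linter is an added example, not part of this page or of the User Authentication Manager: it reads the two Directory blocks shown above (embedded as constructed sample input) and reports where `require` sits inside `<Limit>`, which restricts only the listed methods, and where ExecCGI is enabled on a tree. The function name `audit` and the finding texts are illustrative.

```python
import re

# Constructed sample input: the two <Directory> blocks shown on this page.
SAMPLE_CONF = """\
<Directory /usr/local/etc/httpd/cgi-bin/Scriptorium/htaccess>
AuthType Basic
AuthName "User Authentication Manager"
AuthUserFile /www/httpd/htpasswd/admin.passwd
<Limit GET POST>
require user admin
</Limit>
</Directory>
<Directory /usr/local/etc/httpd/htdocs>
Options Indexes FollowSymLinks Includes ExecCGI
</Directory>
"""

def audit(conf_text):
    """Return (directory, finding) tuples for Apache configuration text."""
    findings = []
    directory = None  # path of the <Directory> block being read
    limited = None    # method list of the enclosing <Limit>, else None
    for raw in conf_text.splitlines():
        line = raw.strip()
        low = line.lower()
        if not line or line.startswith("#"):
            continue
        opened = re.match(r'<directory\s+"?([^">]+?)"?\s*>$', line, re.I)
        if opened:
            directory = opened.group(1)
        elif low.startswith("</directory"):
            directory = None
        elif re.match(r"<limit\s", low):  # <LimitExcept> deliberately not matched
            limited = line.strip("<>").split()[1:]
        elif low.startswith("</limit>"):
            limited = None
        elif low.startswith("require") and limited is not None:
            findings.append((directory, "require inside <Limit %s>: requests "
                             "using other methods are not restricted"
                             % " ".join(limited)))
        elif low.startswith("options"):
            opts = {o.lower().lstrip("+") for o in line.split()[1:]}
            if opts & {"execcgi", "all"}:
                findings.append((directory, "ExecCGI enabled: files in this tree "
                                 "handled as cgi-script will be executed"))
    return findings

if __name__ == "__main__":
    for where, what in audit(SAMPLE_CONF):
        print(where, "->", what)
```

Placing `require` directly in the Directory block, outside any `<Limit>`, applies it to every request method.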

Accessing the User Authentication Manager
You can access the User Authentication Manager on your Virtual Server by typing the following URL into the web browser of your choice:
    http://YOUR-DOMAIN.NAME/cgi-bin/Scriptorium/htaccess/htaccess.pl
You will be prompted for a user name and password before you can use the User Authentication Manager. Use "admin" as the user name and the password you selected during the configuration step above. After you have authenticated, you will be prompted for either 1) a directory that is currently password protected, or 2) a directory which you would like to password protect. Enter the directory with respect to your home directory. For example, use "/www/htdocs/some/directory/" instead of "/usr/home/yourloginname/www/htdocs/some/directory/".
  1. If the directory was previously configured for authentication, the User Authentication Manager will display the contents of the .htaccess file in this directory in a web-based form. You can then add new users or groups, remove current users or groups, change the password of current users, or change the composition of current groups. You will also see that the <Limit> definition(s) are displayed in a web-based form.

  2. If the directory you selected was not previously password protected, the User Authentication Manager will create a default .htaccess file in that directory and then display it in a web-based form. You can then add new users and new groups as you desire.
The User Authentication Manager assumes that you have some basic knowledge about .htaccess files. Should you find that you need more information about specific features of the User Authentication Manager, you should refer to the following URLs:
Allowing Users to Change Passwords Remotely
Before a user can be given the ability to change his or her password using the User Authentication Manager, you must first use the User Authentication Manager to view or create a password-protected directory. This is outlined in the "Accessing the User Authentication Manager" step above.

When you use the User Authentication Manager to view or create the .htaccess file in a directory, a few changes are made to the file and directory contents. One such change is the creation of a "shortcut" to the User Authentication Manager in that directory. This "shortcut" is not too different from one you would find on a Windows 95 or Macintosh desktop and does not impact your disk usage in any significant way.

After you have accessed the directory using the User Authentication Manager, you can allow any user to change his or her password via a web-based form. The user simply needs to access the User Authentication Manager "shortcut" that is copied into the directory. For example, you might add something like this to the web content in the protected directory:
    <a href="htaccess.pl">Change Your Password</a>
When your users access the User Authentication Manager in the directory, the Manager will display a form which allows the user to change their password.


More Information on Alternative Methods
If the User Authentication Manager does not work for you, you may try the Apache Authentication, Authorization, and Access Control, which has simple command line instructions for creating password protected directories.