Chapter 10. Access control
<Directory /var/www/CHEESE/games>
AuthType Basic
AuthName "Cheese lovers only"
AuthUserFile /etc/httpd/access/passwd
AuthGroupFile /etc/httpd/access/group
Require group stilton cheddar
</Directory>
Figure 10-12. httpd.conf: Restricting access to /var/www/CHEESE/games to groups cheddar and stilton
Syntax summary: Require
Require
The Require command specifies the policy of who is allowed access once
identification is complete.
Require valid-user
Any authenticated user may have access to the pages.
Require user user1 user2 user3 ...
Only the listed users may have access to the pages.
Require group group1 group2 group3 ...
Any user in one or more of the listed groups may have access to the pages.
If we want to delegate access control policy by this mechanism, we must
allow the override with AllowOverride AuthConfig.
Variations on a theme of user identification
What we described in the previous section is a way to provide user-authenticated
access control. We used the Basic protocol and simple text files to store the userids,
passwords and groups.
The Basic protocol can be replaced with the Digest protocol. Digest support is provided
by the module auth_digest_module, loaded from mod_auth_digest.so.
LoadModule auth_digest_module modules/mod_auth_digest.so
<Directory /var/www/CHEESE/games>
AuthType Digest
AuthName "Cheese lovers only"
AuthDigestDomain /games/
AuthDigestFile /etc/httpd/access/digest_pw
AuthDigestGroupFile /etc/httpd/access/group
Require group cheddar stilton
</Directory>
Figure 10-13. httpd.conf: The equivalent commands for the Digest protocol
The password file is replaced with one with a different structure, but the group file is
the same as it was before.