Creating a Password File

Create a password file to contain the HTTPS server passwords using the following steps:

1. Create the password directory by entering the following command:

# mkdir /etc/apache2/passwd

2. Create and update the user password file by entering the following command:

# htpasswd2 -c /etc/apache2/passwd/mypasswords TESTNAME

New password: <*******>

Re-type new password: *******

Creating the Distributed Configuration File

You can create a distributed configuration file, which you place in a directory, that contains configuration directives specific to that directory and all its subdirectories. This allows you the flexibility of defining how your entire directory structure is configured on a per-directory basis. Use the following procedure to create the .htaccess distributed configuration file:

1. Create the following file:

/srv/www/htdocs/test/.htaccess

2. Add the following lines to the file you created in Step 1:

AuthType Basic

AuthName "Restricted Files"

AuthUserFile /etc/apache2/passwd/mypasswords

Require user TESTNAME
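
As a check to run before restarting, the following shell script (an added example, not part of the original guide) confirms that AuthUserFile names a password file that exists and sits outside the document root, that each Require user name has an entry in it, and which hash scheme each entry uses. The function names and the sample files built under a temporary directory are constructed for illustration.

```shell
# Added example: audit a .htaccess Basic-auth setup (names and sample data are constructed).

# Print the AuthUserFile path from a .htaccess file.
auth_user_file() {
    awk 'tolower($1) == "authuserfile" { gsub(/"/, "", $2); print $2; exit }' "$1"
}

# Classify the hash in one "user:hash" line of an htpasswd file.
hash_scheme() {
    case "${1#*:}" in
        '$2y$'*)       echo bcrypt ;;
        '$apr1$'*)     echo apr1-md5 ;;
        '{SHA}'*)      echo sha1-unsalted ;;
        ?????????????) echo des-crypt ;;   # traditional crypt() output is 13 chars
        *)             echo unknown ;;
    esac
}

# audit_htaccess HTACCESS DOCROOT: print one "FINDING:" line per problem.
audit_htaccess() {
    pwfile=$(auth_user_file "$1")
    if [ ! -f "$pwfile" ]; then
        echo "FINDING: AuthUserFile '$pwfile' does not exist"; return 0
    fi
    case "$pwfile" in
        "$2"/*) echo "FINDING: $pwfile is inside the document root" ;;
    esac
    # Users named by "Require user" must have an entry in the password file.
    for u in $(awk 'tolower($1) == "require" && tolower($2) == "user" {
                        for (i = 3; i <= NF; i++) print $i }' "$1"); do
        grep -q "^$u:" "$pwfile" || echo "FINDING: user $u not in $pwfile"
    done
    while IFS= read -r line; do
        s=$(hash_scheme "$line")
        [ "$s" = bcrypt ] || echo "FINDING: ${line%%:*} uses $s, not bcrypt"
    done < "$pwfile"
}

# Constructed sample: a docroot with .htaccess and a password file outside it.
make_sample() {
    mkdir -p "$1/htdocs/test" "$1/passwd"
    printf 'TESTNAME:$apr1$CONSTRUC$notarealhashvalue00000\n' > "$1/passwd/mypasswords"
    printf 'AuthType Basic\nAuthName "Restricted Files"\nAuthUserFile %s\nRequire user TESTNAME\n' \
        "$1/passwd/mypasswords" > "$1/htdocs/test/.htaccess"
}

d=$(mktemp -d) && make_sample "$d"
audit_htaccess "$d/htdocs/test/.htaccess" "$d/htdocs"   # reports the apr1-md5 hash
rm -rf "$d"
```
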

Restarting the Apache HTTP Server

Restart Apache by entering the following command:

# /etc/init.d/apache2 restart

Verifying the Authentication and Authorization Operations

Verify that the Apache HTTP server authenticates and authorizes server access properly by performing the following steps:

1. Open a browser window and navigate to: http://<YOUR_WEB_SERVER_IP>/test/

2. When prompted, log in with the user name TESTNAME and the password PASSWORD. If the login succeeds, the following message appears:

The Authentication and Authorization worked !

If the login fails, the following message appears:

Authorization Required

Protecting Apache HTTP Server Authorization with Symas CDS

Symas CDS is a service that applications can use to authenticate users and grant authorization. It can protect content served by Apache through the Apache module mod_auth_ldap, which is included in the Linux distribution. Another Apache module, mod_ldap, can also be used for LDAP connection pooling and result caching. When a request for the protected data arrives, the LDAP directory looks at all entries to find a unique match. If it is found, mod_auth_ldap uses the distinguished name (DN) of the entry and the password provided by the HTTP client to bind to the directory server.

Configuring CDS and LDAP Services

Use the following procedure to configure the CDS and LDAP services:
