8/8/2019 Authentication in apache
1/14
TOPIC
AUTHENTICATION IN APACHE
Submitted to Submitted by
Ms. Jasleen Prabjot
3010060036
Roll no 25
8/8/2019 Authentication in apache
2/14
Apache Authenticationy Authentication is any process by which you verify that
someone is who they claim they are. This usually
involves a username and a password, but can includeany other method of demonstrating identity, such as asmart card, retina scan, voice recognition, orfingerprints.
y
For Example:- Authentication is equivalent toshowing your drivers license at the ticket counter atthe airport.
8/8/2019 Authentication in apache
3/14
A sample authentication window
www.myserver.com
8/8/2019 Authentication in apache
4/14
Setting up apache authentication
y Make sure that for the entry that you areusing, the AllowOverride AuthConfig
y directive is on.y Secondly you must create a password file for the zone
that you are protecting.
8/8/2019 Authentication in apache
5/14
Authenticationy Apache provides several different methods of authentication
y File based authenticationy
Mod_Auth Authenticates users by looking up user namesand passwords in a file created by the HTPASSWD utilityy Mod_Auth_Digest Similar to Mod_Auth except it only
accepts digest encrypted credentials
y Database based authenticationy Mod_AuthDBM Authenticates users by looking up user
names and passwords in a database managed by theDBMMANAGE utility
y
8/8/2019 Authentication in apache
6/14
Different Authentication controls
1. Basic
2. Digest3. NTLM
4. Alternate Authentication
8/8/2019 Authentication in apache
7/14
Apache
User Authentication DirectivesDirective Description
AuthName Specifies descriptive text for user authentication that appears on the
users browser when the request is made to log on. Example:
AuthName Internal Product InformationAuthType Specifies the authentication type. Digest not supported so use
Basic. Example: AuthType Basic
AuthUserFile Specifies the complete path to the user authentication file.Example: AuthUserFile /var/www/users
AuthGroupFile Specifies the complete path to the text file that associates users withgroups.
require Defines which users in the user authentication file are allowed access
to the directory. Examples:require user fpessoa lcamoes
require group developers designers
require valid-user
8/8/2019 Authentication in apache
8/14
AuthTypeSyntax:-
AuthType type
directory, .htaccess AuthType specifies the type of authorization control.
Basic was originally the only possible type, but Apache1.1 introduced Digest, which uses an MD5 digest and a
shared secret
8/8/2019 Authentication in apache
9/14
8/8/2019 Authentication in apache
10/14
8/8/2019 Authentication in apache
11/14
AuthAuthoritativeSyntax:-
AuthAuthoritative on off
Default: AuthAuthoritative ondirectory, .htaccess
It setting the AuthAuthoritative directive explicitlyallows for both authentication or authorization to be
pass on lower level modules.
8/8/2019 Authentication in apache
12/14
Anonymous vs. Authenticated
Modesy Uses public rights vs. logging in with a special user ID
and passwordy
Anonymous mode requires public access rights to Directory attributes Home Directory User home directory information
Host Server Physical server name
Host Resource Name Physical volume name
y Authenticated mode requires a special user object with
browse rights to USERand VOLUME objects
8/8/2019 Authentication in apache
13/14
Authenticated Mode Pros vs.
Cons
13
Does not require administrator
intervention to allow home directory
access
Allows binding directly to LDAP or a
remote file system rather than depending
on public rights
Allows the Apache server to acquire
home directory information from any
LDAP server
All access to home directories or remote
file systems can be controlled through a
single Apache user object
Pros Cons
Requires a special
Apache user object
in eDirectory
Requires that a user
name and password
be stored in a
configuration file
8/8/2019 Authentication in apache
14/14