[UniMacTech] authenticating a OS X 10.5 web server

[Craig Richardson]

Hi Ross,

I believe you would do this with definitions in the /etc/apaches2/ 
http.conf file.  However I've really only done this in Linux so the  
following details might be a bit off.

You can set directories for IP based authentication (this example  
defines the whole 192.168.xxx.xxx subnet)

<Location /somedirectory>
     Order deny,allow
     Deny from all
     Allow from 192.168.
</Location>

Or a simple user/password combo by creating a .htaccess file in the  
directory you want to restrict.  I'd also recommend using an SSL cert  
to protect the password.

SSLRequireSSL
AuthUserFile /etc/apache2/Users
AuthName Example
AuthType Basic

<Limit GET POST PUT>
order deny,allow
deny from all
require user exampleuser
satisfy any
</Limit>

You also have the create the /etc/apache2/Users file and populate it  
with the terminal command -
htpasswd -c exampleuser /etc/apache2/Users

I believe that .htaccess files are disabled by default in 10.5 server,  
you'll need to find the option in /etc/apaches2/http.conf to enable  
them.  Also I think that changing this file will break your Server  
Admin tool for Apache, perhaps someone else can confirm that?

hope that helps,

Craig

--
Craig Richardson
Systems Administrator
Macquarie Centre for Cognitive Science
MACQUARIE UNIVERSITY NSW 2109

Phone: +61 (0)2 9850 6730
Fax: +61 (0)2 9850 6059	
http://www.maccs.mq.edu.au

CRICOS Provider No 00002J

This message is intended for the addressee named and may contain  
confidential information.  If you are not the intended recipient,  
please delete it and notify the sender.  Views expressed in this  
message are those of the individual sender, and are not necessarily  
the views of MACCS or Macquarie University.

On 03/12/2008, at 9:18 AM, Ross Glover wrote:

> Hello Folks,
>
> We have a stand-alone web server running on OS X 10.5 and we would  
> like to limit access to some directories.
>
> Access on-campus access must be seamless (by ip) but off-campus  
> access would require username/password.
>
> My limited understanding is that this would normally be done via an  
> auth-ldap-type module in Apache but the OS X 10.5 implementation  
> doesn’t have this so presumably Apple have another method. One  
> suggested solution is to use Open Directory, apple_auth_module and  
> Realms but I don’t see how this can work to allow on-campus without  
> authentication. Another is to re-compile Apache with the required  
> modules.
>
> As a complete novice in this area, I would welcome any advice on how  
> to proceed.
>
> Thanks you,
>
> Ross.
> _______________________________________________
> unimactech mailing list
> unimactech at auc.edu.au
> http://www.auc.edu.au/mailman/listinfo/unimactech



--
Craig Richardson
Systems Administrator
Macquarie Centre for Cognitive Science
MACQUARIE UNIVERSITY NSW 2109

Phone: +61 (0)2 9850 6730
Fax: +61 (0)2 9850 6059	
http://www.maccs.mq.edu.au

CRICOS Provider No 00002J

This message is intended for the addressee named and may contain  
confidential information.  If you are not the intended recipient,  
please delete it and notify the sender.  Views expressed in this  
message are those of the individual sender, and are not necessarily  
the views of MACCS or Macquarie University.





-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://auc.uow.edu.au/pipermail/unimactech/attachments/20081203/efa906bd/attachment.html