Re: LAS Password Protection

To: las_users@xxxxxxxx
Subject: Re: LAS Password Protection
From: Jonathan Callahan <Jonathan.S.Callahan@xxxxxxxx>
Date: Tue, 08 Feb 2005 09:15:49 -0800
In-reply-to: <4.0.1-J.20050129172122.04561f00@172.16.1.3>
References: <4.0.1-J.20050129172122.04561f00@172.16.1.3>
Sender: owner-las_users@xxxxxxxxxxxxx
User-agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.4) Gecko/20030624 Netscape/7.1 (ax)

Toni Jolibois answers:

       Hi all,

A response to the mail below.
I have a LAS configured with an http authentification : http://las.mersea.eu.org.
Here is my Apache configuration (Warning : this is an Apache 1.3, I don't know if the new Apache 2 which I recommend have the same syntax for the configuration) :

In the httpd.conf, I have a virtual host ($home is the path of the mersea user, change it with the good one for you) :

<VirtualHost las.mersea.eu.org>
    ServerAdmin webmaster@mersea.eu.org
    DocumentRoot $home/las/las_servlet/jakarta/webapps/
    DirectoryIndex index.html
    RedirectMatch /index.html /las/servlets/dataset
    ServerName las.mersea.eu.org
    ErrorLog logs/las.mersea.eu.org-error_log
    CustomLog logs/las.mersea.eu.org-access_log common
    ScriptAlias /las-bin/ $home/las/server/
    Alias /las-output/ $home/las/server/output/
    Include /etc/httpd/conf/mod_jk.conf-mersea
</VirtualHost>

By default, this configuration file parse the access.conf placed in the same directory, but you can put these lines into the httpd.conf.
Here is my access.conf :

#
# This is the default file for the AccessConfig directive in httpd.conf.
# It is processed after httpd.conf and srm.conf.
#
# To avoid confusion, it is recommended that you put all of your
# Apache server directives into the httpd.conf file and leave this
# one essentially empty.
#
<Directory $home/las/las_servlet/jakarta/webapps/ >
Options -Indexes
AllowOverride All
AuthType Basic
AuthName "Mersea Access "
AuthUserFile $home/users-valid
<Files "*">
require valid-user
</Files>
</Directory>

I created the $home/users-valid with the Apache utility "htpasswd" in order to have a user and an encrypted password.
Please see http://httpd.apache.org/docs/howto/auth.html for Apache 1.3 and http://httpd.apache.org/docs-2.0/howto/auth.html for Apache 2, all is explained.

Note that there is an other way to configure http password for a virtual host and not for a directory.

If you have specific question please send me a mail.

Regards,
Tony Jolibois

benb wrote:

Hello All,

To satisfy the data access policy for my project I need to require a logon to
my LAS site (anyone can get a password, we just need to keep track of everyone
that accesses the site).  I saw "Adding password protection" in the FAQ at
http://ferret.pmel.noaa.gov/Ferret/LAS/FAQ/password_protection.htm but this 
does
not work and seems to apply to version 5 and below.  I'm running LAS 6.3.  Can
anyone tell me how to achieve password protection with this version?

The following is what I put in Apache httpd.conf (which doesn't work):
 
-----
Alias /las "/usr/local/las/las/las_servlet/jakarta/webapps/las"
<Directory /usr/local/las/las/las_servlet/jakarta/webapps/las/>
    AddHandler cgi-script .pl
    Options +ExecCGI
    AuthUserFile /usr/local/apache2/.auto_pass/.auto_pass.txt
    AuthGroupFile /dev/null
    AuthName 'WTF-CEOP members'
    AuthType Basic
    <Limit GET POST >
    require valid-user
    </Limit>
</Directory>
------


Thank you,

Ben

References:
- LAS Password Protection
  - From: benb

Previous by thread: LAS Password Protection
Next by thread: Re: LAS Password Protection

[Thread Prev][Thread Next][Index]

Dept of Commerce / NOAA / OAR / PMEL / TMAP
Contact Us | Privacy Policy | Disclaimer | Accessibility Statement