Re: Q: user and passwd protection

[Bob Yu <yuy@xxxxxxxxxxxxxxxxxx>]

Hi Yingshuo and Steve,

I'd like to to try the IP control access. Yingshuo, will you tell me that in the
server.xml, under which tag I should add the <Context> tag? How to specify the
path and docBase attributes? If my las is installed at  /home/yuy/las, shoild I
set the path="/home/yuy/las"?

Thanks.

yingshuo shen wrote:

> steve and bob,
>
>   las6 is very different from las5 because it uses java servlet...  one way
> to put restriction that seems very easy is to control IP address access.
>
>  in conf/server.xml
>
> add
>
> <Context path="/yourlas" docBase="yourlas" crossContext="false" debug="0"
> reloadable="false">
>   <Valve className="org.apache.catalina.valves.RemoteAddrValve"
> allow="128.171.156.141" />
>   </Context>
>
> ----- Original Message -----
> From: "Steve Cousins" <cousins@limpet.umeoce.maine.edu>
> To: "Bob Yu" <yuy@nemo.gsfc.nasa.gov>
> Cc: <las_users@ferret.wrc.noaa.gov>
> Sent: Friday, June 27, 2003 3:55 PM
> Subject: Re: Q: user and passwd protection
>
> >
> >
> >
> > On Fri, 27 Jun 2003, Bob Yu wrote:
> >
> > > Hi there,
> > >
> > > Anyone has done the passwd protect for the LAS? I tried to do so , but
> not success. Any hints?
> > >
> > > This is what I did:
> > > 1) create a users (user, passwd)  file using htpasswd, under
> /etc/httpd/conf/users
> > > 2) insert these lines in httpd.conf:
> > >
> > >      <Directory /home/yuy/las>
> > >           AddHandler cgi-script .pl
> > >           Options +ExecCGI
> > >           AuthName "LAS restricted data"
> > >           AuthType Basic
> > >           AuthUserFile /etc/httpd/conf/users
> > >           require user yuy
> > >      </Directory>
> > >
> > > where /home/yuy/las is the LAS directory I want to protected.
> > >
> > > I got java exceptions when tried it.
> > >
> > > additional question: The httpd passwd protection is for apache
> > > service, not the servlet service. Therefore, before the very end step
> > > of displaying data at LAS when apache server is not touched yet, the
> > > passwd protection can not be applied. Is that right? If so, is there a
> > > way to protect the servlet service?
> > >
> > > Thanks,
> > >
> > > --
> > > (Bob) Yunyue YU
> > > Code 971, Goddard Space Flight Center
> > > Greenbelt, MD 20771
> > > (301)614-6850  yuy@nemo.gsfc.nasa.gov
> >
> >
> > The way I did it was to use:
> >
> > <Directory /usr/local/src/lasxml/ui/>
> >    AllowOverride AuthConfig
> >    AddHandler cgi-script .pl
> >    Options +ExecCGI
> > </Directory>
> >
> > Then I put a .htaccess file in the /usr/local/src/lasxml/ui/ directory
> > that looked like:
> >
> > AuthUserFile /usr2/WWW/passwords
> > AuthGroupFile /dev/null
> > AuthName "access to OMG LAS Server"
> > AuthType Basic
> >
> > <Limit GET>
> > require user las
> > </Limit>
> >
> >
> > Then I used htpasswd to add a password for user "las" in the password file
> > /usr2/WWW/passwords.
> >
> > This makes it so anyone going to this LAS directory at all will be asked
> > for a password.  I haven't tried this with LAS 6 yet though.
> >
> > I hope this helps.
> >
> > Good Luck,
> >
> > Steve
> >
> > P.S. I'm sorry if someone else has already answered this.  One of our
> > campus email servers is lagging quite a bit and I'm still receiving email
> > from this morning.  It will be a few hours before it has caught up.
> >
> > _____________________________________________________________
> >  Steve Cousins                 Email: cousins@umit.maine.edu
> >  Research Associate            Phone: (207) 581-4302
> >  Ocean Modeling Group
> >  School of Marine Sciences     208 Libby Hall
> >  University of Maine           Orono, Maine 04469
> >
> >
> >

--


--
(Bob) Yunyue YU
Code 971, Goddard Space Flight Center
Greenbelt, MD 20771
(301)614-6850  yuy@nemo.gsfc.nasa.gov