[Thread Prev][Thread Next][Index]
Re: Q: user and passwd protection
Bob,
> There are some concerns about running the protection.
> 1) Is there string length limitation for the attribute "allow" of the
<Context>
> tag? If so, I might have problem to allow more IPs to our LAS. I tried to
have
> more <Valve> tags under the <Context>, but that didn't work.
if more IP is allowed... you can add as many as you want.. for examples,
128.171.156.141, 128,171.156.98, ....,....
also if you want all IP with 128.171.156 to be allowed to access.. then
you simply use 128.171.156
> 2) Is it possible to use the SSL HTTP/1.1 Connector that is commented
out in
> the server.xml file? I tried modify the server.xml file that way, but
could not
> going through it.
>
> Over all, the passwd protection is better than the IP-control protection,
in my
> case. Does the LAS future release will have this feature?
>
> Bob
>
> yingshuo shen wrote:
>
> > bob,
> >
> > you may set the path relative to your tomcat's webapps, in your
case it
> > seems /las
> >
> > in your default server.xml ... you may find
> >
> > <Context path="/manager" docBase="manager" debug="0" privileged="true"/>
> >
> > so you may add this just before that part... it should be fine
> >
> > ----- Original Message -----
> > From: "Bob Yu" <yuy@nemo.gsfc.nasa.gov>
> > Cc: <las_users@ferret.wrc.noaa.gov>
> > Sent: Monday, June 30, 2003 5:48 AM
> > Subject: Re: Q: user and passwd protection
> >
> > > Hi Yingshuo and Steve,
> > >
> > > I'd like to to try the IP control access. Yingshuo, will you tell me
that
> > in the
> > > server.xml, under which tag I should add the <Context> tag? How to
specify
> > the
> > > path and docBase attributes? If my las is installed at /home/yuy/las,
> > shoild I
> > > set the path="/home/yuy/las"?
> > >
> > > Thanks.
> > >
> > > yingshuo shen wrote:
> > >
> > > > steve and bob,
> > > >
> > > > las6 is very different from las5 because it uses java servlet...
one
> > way
> > > > to put restriction that seems very easy is to control IP address
access.
> > > >
> > > > in conf/server.xml
> > > >
> > > > add
> > > >
> > > > <Context path="/yourlas" docBase="yourlas" crossContext="false"
> > debug="0"
> > > > reloadable="false">
> > > > <Valve className="org.apache.catalina.valves.RemoteAddrValve"
> > > > allow="128.171.156.141" />
> > > > </Context>
> > > >
> > > > ----- Original Message -----
> > > > From: "Steve Cousins" <cousins@limpet.umeoce.maine.edu>
> > > > To: "Bob Yu" <yuy@nemo.gsfc.nasa.gov>
> > > > Cc: <las_users@ferret.wrc.noaa.gov>
> > > > Sent: Friday, June 27, 2003 3:55 PM
> > > > Subject: Re: Q: user and passwd protection
> > > >
> > > > >
> > > > >
> > > > >
> > > > > On Fri, 27 Jun 2003, Bob Yu wrote:
> > > > >
> > > > > > Hi there,
> > > > > >
> > > > > > Anyone has done the passwd protect for the LAS? I tried to do so
,
> > but
> > > > not success. Any hints?
> > > > > >
> > > > > > This is what I did:
> > > > > > 1) create a users (user, passwd) file using htpasswd, under
> > > > /etc/httpd/conf/users
> > > > > > 2) insert these lines in httpd.conf:
> > > > > >
> > > > > > <Directory /home/yuy/las>
> > > > > > AddHandler cgi-script .pl
> > > > > > Options +ExecCGI
> > > > > > AuthName "LAS restricted data"
> > > > > > AuthType Basic
> > > > > > AuthUserFile /etc/httpd/conf/users
> > > > > > require user yuy
> > > > > > </Directory>
> > > > > >
> > > > > > where /home/yuy/las is the LAS directory I want to protected.
> > > > > >
> > > > > > I got java exceptions when tried it.
> > > > > >
> > > > > > additional question: The httpd passwd protection is for apache
> > > > > > service, not the servlet service. Therefore, before the very end
> > step
> > > > > > of displaying data at LAS when apache server is not touched yet,
the
> > > > > > passwd protection can not be applied. Is that right? If so, is
there
> > a
> > > > > > way to protect the servlet service?
> > > > > >
> > > > > > Thanks,
> > > > > >
> > > > > > --
> > > > > > (Bob) Yunyue YU
> > > > > > Code 971, Goddard Space Flight Center
> > > > > > Greenbelt, MD 20771
> > > > > > (301)614-6850 yuy@nemo.gsfc.nasa.gov
> > > > >
> > > > >
> > > > > The way I did it was to use:
> > > > >
> > > > > <Directory /usr/local/src/lasxml/ui/>
> > > > > AllowOverride AuthConfig
> > > > > AddHandler cgi-script .pl
> > > > > Options +ExecCGI
> > > > > </Directory>
> > > > >
> > > > > Then I put a .htaccess file in the /usr/local/src/lasxml/ui/
directory
> > > > > that looked like:
> > > > >
> > > > > AuthUserFile /usr2/WWW/passwords
> > > > > AuthGroupFile /dev/null
> > > > > AuthName "access to OMG LAS Server"
> > > > > AuthType Basic
> > > > >
> > > > > <Limit GET>
> > > > > require user las
> > > > > </Limit>
> > > > >
> > > > >
> > > > > Then I used htpasswd to add a password for user "las" in the
password
> > file
> > > > > /usr2/WWW/passwords.
> > > > >
> > > > > This makes it so anyone going to this LAS directory at all will be
> > asked
> > > > > for a password. I haven't tried this with LAS 6 yet though.
> > > > >
> > > > > I hope this helps.
> > > > >
> > > > > Good Luck,
> > > > >
> > > > > Steve
> > > > >
> > > > > P.S. I'm sorry if someone else has already answered this. One of
our
> > > > > campus email servers is lagging quite a bit and I'm still
receiving
> > email
> > > > > from this morning. It will be a few hours before it has caught
up.
> > > > >
> > > > > _____________________________________________________________
> > > > > Steve Cousins Email: cousins@umit.maine.edu
> > > > > Research Associate Phone: (207) 581-4302
> > > > > Ocean Modeling Group
> > > > > School of Marine Sciences 208 Libby Hall
> > > > > University of Maine Orono, Maine 04469
> > > > >
> > > > >
> > > > >
> > >
> > > --
> > >
> > >
> > > --
> > > (Bob) Yunyue YU
> > > Code 971, Goddard Space Flight Center
> > > Greenbelt, MD 20771
> > > (301)614-6850 yuy@nemo.gsfc.nasa.gov
> > >
> > >
>
> --
>
>
> --
> (Bob) Yunyue YU
> Code 971, Goddard Space Flight Center
> Greenbelt, MD 20771
> (301)614-6850 yuy@nemo.gsfc.nasa.gov
>
>
[Thread Prev][Thread Next][Index]
Dept of Commerce /
NOAA /
OAR /
PMEL /
TMAP
Contact Us | Privacy Policy | Disclaimer | Accessibility Statement