Scribd Logo
Upload

Welcome to Scribd!

  • 46 views

    Authentication in Apache

    Uploaded by

    prablpu
    Apache provides several methods for authentication, including file-based authentication using mod_auth and mod_auth_dbm modules, and database-based authentication. Setting up Apache authentication involves enabling the AllowOverride directive for protected directories and creating a password file. Different authentication controls available in Apache include basic, digest, NTLM, and alternate authentication. Key authentication directives are AuthName, AuthType, AuthUserFile, and AuthGroupFile.

    Copyright:

    Attribution Non-Commercial (BY-NC)
    Download as PPT, PDF, TXT or read online from Scribd

    Authentication in Apache

    Uploaded by

    prablpu
    46 views14 pages
    Apache provides several methods for authentication, including file-based authentication using mod_auth and mod_auth_dbm modules, and database-based authentication. Setting up Apache authentication involves enabling the AllowOverride directive for protected directories and creating a password file. Different authentication controls available in Apache include basic, digest, NTLM, and alternate authentication. Key authentication directives are AuthName, AuthType, AuthUserFile, and AuthGroupFile.

    Original Title

    Authentication in apache

    Copyright

    © Attribution Non-Commercial (BY-NC)

    Available Formats

    PPT, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Apache provides several methods for authentication, including file-based authentication using mod_auth and mod_auth_dbm modules, and database-based authentication. Setting up Apache authentication involves enabling the AllowOverride directive for protected directories and creating a password file. Different authentication controls available in Apache include basic, digest, NTLM, and alternate authentication. Key authentication directives are AuthName, AuthType, AuthUserFile, and AuthGroupFile.

    Copyright:

    Attribution Non-Commercial (BY-NC)
    Download as PPT, PDF, TXT or read online from Scribd
    Download as ppt, pdf, or txt
    46 views14 pages

    Authentication in Apache

    Uploaded by

    prablpu
    Apache provides several methods for authentication, including file-based authentication using mod_auth and mod_auth_dbm modules, and database-based authentication. Setting up Apache authentication involves enabling the AllowOverride directive for protected directories and creating a password file. Different authentication controls available in Apache include basic, digest, NTLM, and alternate authentication. Key authentication directives are AuthName, AuthType, AuthUserFile, and AuthGroupFile.

    Copyright:

    Attribution Non-Commercial (BY-NC)
    Download as PPT, PDF, TXT or read online from Scribd
    Download as ppt, pdf, or txt
    of 14

    TOPIC

    AUTHENTICATION IN APACHE

    Submitted to Submitted by
    Ms. Jasleen Prabjot
    3010060036
    Roll no 25
    Apache Authentication
    Authentication is any process by which you verify
    that someone is who they claim they are. This usually
    involves a username and a password, but can include
    any other method of demonstrating identity, such as a
    smart card, retina scan, voice recognition, or
    fingerprints.
    For Example:- Authentication is equivalent to
    showing your drivers license at the ticket counter at
    the airport.
    A sample authentication window

    www.myserver.com
    Setting up apache authentication
    Make sure that for the <directory> entry that you are
    using, the AllowOverride AuthConfig
    directive is on.
    Secondly you must create a password file for the
    “zone” that you are protecting.
    Authentication
     Apache provides several different methods of authentication
     File based authentication
     Mod_Auth – Authenticates users by looking up user names
    and passwords in a file created by the HTPASSWD utility
     Mod_Auth_Digest – Similar to Mod_Auth except it only
    accepts digest encrypted credentials
     Database based authentication
     Mod_AuthDBM – Authenticates users by looking up user
    names and passwords in a database managed by the
    DBMMANAGE utility

    Different Authentication controls
    1. Basic
    2. Digest
    3. NTLM
    4. Alternate Authentication
    Apache
    User Authentication Directives
    Directive Description

    AuthName Specifies descriptive text for user authentication that appears on the
    user’s browser when the request is made to log on. Example:
    AuthName Internal Product Information
    AuthType Specifies the authentication type. Digest not supported so use
    Basic. Example: AuthType Basic
    AuthUserFile Specifies the complete path to the user authentication file.
    Example: AuthUserFile /var/www/users
    AuthGroupFile Specifies the complete path to the text file that associates users with
    groups.
    require Defines which users in the user authentication file are allowed access
    to the directory. Examples:
    require user fpessoa lcamoes
    require group developers designers
    require valid-user
    AuthType
    Syntax:-
    AuthType type
    directory, .htaccess
    •AuthType specifies the type of authorization control.
    Basic was originally the only possible type, but Apache
    1.1 introduced Digest, which uses an MD5 digest and a
    shared secret
    AuthName
    Syntax:-
    AuthName auth-realm
    directory, .htaccess
    AuthName gives the name of the realm in which the
    users' names and passwords are valid.
    AuthGroupFile
    Syntax:-
    AuthGroupFile filename
    directory, .htaccess
    AuthGroupFile has nothing to do with the Group
    webgroup directive at the top of the Config file. It gives
    the name of another file that contains group names and
    their members:
    AuthAuthoritative
    Syntax:-
    AuthAuthoritative on off
    Default: AuthAuthoritative on
    directory, .htaccess
    It setting the AuthAuthoritative directive explicitly
    allows for both authentication or authorization to be
    pass on lower level modules.
    Anonymous vs. Authenticated
    Modes
    Uses public rights vs. logging in with a special user ID
    and password
     Anonymous mode requires public access rights to Directory attributes
    • Home Directory – User home directory information
    • Host Server – Physical server name
    • Host Resource Name – Physical volume name
    Authenticated mode requires a special user object
    with browse rights to USER and VOLUME objects
    Authenticated Mode – Pros vs.
    Cons
    Pros Cons
    • Does not require administrator • Requires a special
    intervention to allow home directory Apache user object
    access in eDirectory
    • Allows binding directly to LDAP or a • Requires that a user
    remote file system rather than name and password
    depending on public rights be stored in a
    • Allows the Apache server to acquire configuration file
    home directory information from any
    LDAP server
    • All access to home directories or remote
    file systems can be controlled through a
    single Apache user object

    13
    THANKS……….

    You might also like