kshAuth - Authentication and Authorization Interface for Apache
2.2+ Web Server
Version 0.2
Installation instructions for kshAuth
Assumptions:
- kshAuth is being installed on a system that currently has
Korn Shell 93
installed at "
/usr/bin/ksh93 ".
- kshAuth is being installed on a system currently running Apache
2.2+.
- A document directory called "htdocs" exists on your Apache 2.2+ web
server.
- The "htpasswd" command exists at the location
"
/usr/sbin/htpasswd2 ".
Recommendations:
- Problems have been observed attempting to run kshAuth with Apache
2.2+ where the apache binaries have been installed from an "rpm"
archive. It is recommended that Apache 2.2+ be compiled from source
code for best results.
The kshAuth Directory Based Authorization System is
distributed as a gzipped tarball and normally has a name
such as:
kshAuth-X.XX.tar.gz
Where X.XX represents the version number.
To extract the utilities contained in the gzipped
tarball - perform these tasks in the following order:
- Login to the system hosting the Apache 2.2+ web
server as "root".
- Download the gzipped tarball into the "/tmp"
directory of the system running the Apache 2.2+ web
server, where it is to be installed.
- Change to the top level Apache directory, this will
be the directory immediately above the "cgi-bin" and
"htdocs" directories. The example used in the
remainder of this installation guide will be
"/usr/local/apache2".
- Extract the gzipped tarball using one of the
following methods:
cd /usr/local/apache2
gzip -cd /tmp/kshAuth-X.XX.tar.gz | tar -xvf -
OR
cd /tmp
gunzip /tmp/kshAuth-X.XX.tar.gz
cd /usr/local/apache2
tar -xvf /tmp/kshAuth-X.XX.tar
- Determine the user and group associated with the
Apache "httpd" processes:
egrep 'User|Group' /usr/local/apache2/conf/*.conf
For example purposes, the user "daemon" and the group
"daemon" will be used in the following steps. Substitute
this example user and group with your actual user and
group name.
- Change the owner and group of all kshAuth files to
your "httpd" user and group, also set the permissions
as shown.
cd /usr/local/apache2
chown -R daemon:daemon ./kshAuth
chown -R daemon:daemon ./cgi-bin/kshAuth
chown -R daemon:daemon ./htdocs/kshAuth
chmod -R 775 ./kshAuth
chmod -R 555 ./cgi-bin/kshAuth
chmod -R 775 ./htdocs/kshAuth
The "./kshAuth" and "./htdocs/kshAuth" directories
require "write" permission so the utilities can
create/modify/delete password protection information.
- Modify the "httpd.conf" file to allow options to be
overridded by the contents of the ".htaccess" file.
Change the "AllowOverride" directive to "All"
AllowOverride All
- Restart the Apache 2.2+ web server to activate the
configuration changes.
- Place all content to be password protected under the
directory:
/usr/local/apache2/htdocs/kshAuth
- Perform test by accessing the kshAuth Utilities page:
http://localhost/cgi-bin/kshAuth/utilities.cgi
Where "localhost" can be replaced by the name of your
Apache web server.
If the directory administrator password does not work,
you may need to regenerate the directory administrator
password files. To do this, change directories into the
top level kshAuth authorization directory and run the
following commands:
cd /usr/local/apache2/kshAuth
/usr/sbin/htpasswd2 -c -b -s .diradmin admin password
/usr/sbin/htpasswd2 -c -b -s .AID_admin admin password
|