kshAuth - Authentication and Authorization Interface for Apache 2.2+ Web Server

Version 0.2

Installation instructions for kshAuth

Assumptions:

• kshAuth is being installed on a system that currently has Korn Shell 93 installed at "/usr/bin/ksh93".
• kshAuth is being installed on a system currently running Apache 2.2+.
• A document directory called "htdocs" exists on your Apache 2.2+ web server.
• The "htpasswd" command exists at the location "/usr/sbin/htpasswd2".

Recommendations:

• Problems have been observed attempting to run kshAuth with Apache 2.2+ where the apache binaries have been installed from an "rpm" archive. It is recommended that Apache 2.2+ be compiled from source code for best results.

The kshAuth Directory Based Authorization System is distributed as a gzipped tarball and normally has a name such as:

kshAuth-X.XX.tar.gz

Where X.XX represents the version number.

To extract the utilities contained in the gzipped tarball - perform these tasks in the following order:

1. Login to the system hosting the Apache 2.2+ web server as "root".
2. Download the gzipped tarball into the "/tmp" directory of the system running the Apache 2.2+ web server, where it is to be installed.
3. Change to the top level Apache directory, this will be the directory immediately above the "cgi-bin" and "htdocs" directories. The example used in the remainder of this installation guide will be "/usr/local/apache2".
4. Extract the gzipped tarball using one of the following methods:

   cd /usr/local/apache2
   gzip -cd /tmp/kshAuth-X.XX.tar.gz | tar -xvf -
   

   OR

   cd /tmp
   gunzip /tmp/kshAuth-X.XX.tar.gz
   cd /usr/local/apache2
   tar -xvf /tmp/kshAuth-X.XX.tar
   

5. Determine the user and group associated with the Apache "httpd" processes:

   egrep 'User|Group' /usr/local/apache2/conf/*.conf
   

   For example purposes, the user "daemon" and the group "daemon" will be used in the following steps. Substitute this example user and group with your actual user and group name.

6. Change the owner and group of all kshAuth files to your "httpd" user and group, also set the permissions as shown.

   cd /usr/local/apache2
   chown -R daemon:daemon ./kshAuth
   chown -R daemon:daemon ./cgi-bin/kshAuth
   chown -R daemon:daemon ./htdocs/kshAuth
   chmod -R 775 ./kshAuth
   chmod -R 555 ./cgi-bin/kshAuth
   chmod -R 775 ./htdocs/kshAuth
   

   The "./kshAuth" and "./htdocs/kshAuth" directories require "write" permission so the utilities can create/modify/delete password protection information.

7. Modify the "httpd.conf" file to allow options to be overridded by the contents of the ".htaccess" file. Change the "AllowOverride" directive to "All"

   AllowOverride All
   

8. Restart the Apache 2.2+ web server to activate the configuration changes.
9. Place all content to be password protected under the directory:

   /usr/local/apache2/htdocs/kshAuth
   

10. Perform test by accessing the kshAuth Utilities page:

    http://localhost/cgi-bin/kshAuth/utilities.cgi
    

    Where "localhost" can be replaced by the name of your Apache web server.

If the directory administrator password does not work, you may need to regenerate the directory administrator password files. To do this, change directories into the top level kshAuth authorization directory and run the following commands:

cd  /usr/local/apache2/kshAuth
/usr/sbin/htpasswd2 -c -b -s .diradmin   admin  password
/usr/sbin/htpasswd2 -c -b -s .AID_admin  admin  password