Password lock a web page

From CVL Wiki

(Difference between revisions)
Jump to: navigation, search
(New page: There are several different way to protect a web page on the CVL. All of these methods depend upon creating a file in the directory that you want to password protect. This file is called ...)
 
(Option 1: htpasswd)
 
(9 intermediate revisions by 2 users not shown)
Line 1: Line 1:
There are several different way to protect a web page on the CVL.  All of these methods depend upon creating a file in the directory that you want to password protect.
+
To add password protection to your website hosted on the ECE webserver, you can create a HyperText Access file ('''.htaccess''') in the directory that you want to password protect. This file will password protect all of the files (web pages) in that directory and all files in any subdirectories.
This file is called '''.htaccess'''. Please note that the name of this file starts with a period.
+
*'''Please note that the file must start with a period "."'''
 +
 
 +
More information about .htaccess files here: https://httpd.apache.org/docs/2.4/howto/htaccess.html
 +
 
 +
There are two methods of password authentication that can be employed to protect your webpage.
 +
 
 +
==Option 1: htpasswd==
 +
This is a flat file that sits in your home directory and contains a list of usernames and password hashes. You can use the [https://httpd.apache.org/docs/2.2/programs/htpasswd.html htpasswd] command to add users to the file. This option has the benefit of not being tied to any particular user account (local or ldap). You can even create a single user/pass and share it with anyone.
 +
*We strongly recommend NOT putting the htpasswd file under the public_html folder, but instead in your home directory root. This prevents accidental access to the file via the website
 +
 
 +
Here is the format of the .htaccess file for this option
 +
 
 +
AuthType Basic
 +
AuthName "Password Required"
 +
AuthUserFile /home/<ECEUSER>/password.file
 +
require valid-user
 +
 
 +
==Option 2: VT PID==
 +
This option uses Virginia Tech's PID and password authentication. You can allow all valid PID's, or provide a list of specific usernames.  
 +
 
 +
Here is the format of the .htaccess file for this option (all valid PID's)
 +
 
 +
AuthType Basic
 +
AuthBasicProvider ldap
 +
AuthzLDAPAuthoritative Off
 +
AuthName "Virginia Tech ED-Auth (PID/pass)"
 +
AuthLDAPURL ldaps://authn.directory.vt.edu:636/ou=People,dc=vt,dc=edu?uupid
 +
require valid-user
 +
 
 +
To allow only specific users, change the '''require valid-user''' line to a space delimited list
 +
require user pid1 pid2 pid3
 +
 
 +
==Option 3: ECE Accounts==
 +
*'''This option is untested!'''
 +
 
 +
This follows the same basic structure for Option 2, but uses the ECE ldap instead of the VT ldap
 +
 
 +
AuthType Basic
 +
AuthBasicProvider ldap
 +
AuthzLDAPAuthoritative Off
 +
AuthName "ECE Account Credentials"
 +
AuthLDAPURL ldap://auth.ece.vt.edu:/ou=people,dc=ece,dc=vt,dc=edu?uid
 +
require valid-user

Latest revision as of 08:22, 19 September 2014

To add password protection to your website hosted on the ECE webserver, you can create a HyperText Access file (.htaccess) in the directory that you want to password protect. This file will password protect all of the files (web pages) in that directory and all files in any subdirectories.

  • Please note that the file must start with a period "."

More information about .htaccess files here: https://httpd.apache.org/docs/2.4/howto/htaccess.html

There are two methods of password authentication that can be employed to protect your webpage.

[edit] Option 1: htpasswd

This is a flat file that sits in your home directory and contains a list of usernames and password hashes. You can use the htpasswd command to add users to the file. This option has the benefit of not being tied to any particular user account (local or ldap). You can even create a single user/pass and share it with anyone.

  • We strongly recommend NOT putting the htpasswd file under the public_html folder, but instead in your home directory root. This prevents accidental access to the file via the website

Here is the format of the .htaccess file for this option

AuthType Basic
AuthName "Password Required"
AuthUserFile /home/<ECEUSER>/password.file
require valid-user

[edit] Option 2: VT PID

This option uses Virginia Tech's PID and password authentication. You can allow all valid PID's, or provide a list of specific usernames.

Here is the format of the .htaccess file for this option (all valid PID's)

AuthType Basic
AuthBasicProvider ldap
AuthzLDAPAuthoritative Off
AuthName "Virginia Tech ED-Auth (PID/pass)"
AuthLDAPURL ldaps://authn.directory.vt.edu:636/ou=People,dc=vt,dc=edu?uupid
require valid-user

To allow only specific users, change the require valid-user line to a space delimited list

require user pid1 pid2 pid3

[edit] Option 3: ECE Accounts

  • This option is untested!

This follows the same basic structure for Option 2, but uses the ECE ldap instead of the VT ldap

AuthType Basic
AuthBasicProvider ldap
AuthzLDAPAuthoritative Off
AuthName "ECE Account Credentials"
AuthLDAPURL ldap://auth.ece.vt.edu:/ou=people,dc=ece,dc=vt,dc=edu?uid
require valid-user
Views
Personal tools
Support