logo

Manual Pages


Table of Contents

NAME

na_httpd.access - authentication controls for HTTP access

SYNOPSIS

/etc/httpd.access

DESCRIPTION

The HTTP daemon can apply authentication controls to individual users or groups on a per directory basis. The file /etc/httpd.access specifies the following items for each access-controlled tree:

the path to the tree

the authority required to authenticate access to the tree

the lists of users or groups who are permitted access when authenticated

The syntax is the same as the access control syntax used by NCSA and Apache. However, the httpd.access file only supports a subset of directives supported by NCSA and Apache. You can copy an existing NCSA or Apache access to the filer without editing or reformatting.

SYNTAX

The supported directives are:
<Directory directory_name>
</Directory>
AuthName Title phrase
require user user_id[, user_id,...] require group group_id[, group_id,...]

where Title phrase is a word or phrase that is passed to the authentication dialog as a title for the dialog that prompts the user for a password.

EXAMPLES

The following example restricts access to the file /home/htdocs/private/bob so that only user dole can access it, after supplying the required password. The authentication dialog is titled ``My private stuff.''

<Directory /home/htdocs/private/bob> AuthName My private stuff
<Limit GET>
require user dole
</Limit>
</Directory>

The <Limit GET> and </Limit> directives are not supported, but are retained for format consistency with NCSA and Apache. The filer just ignores them.

The following example restricts access to the directory tree /home/htdocs/private/conspiracy to the group ``guyinblack'', which consists of the users whose IDs are cancer, deepthroat, mrx, and skinner. The authentication dialog is titled ``Area 51.''

<Directory /home/htdocs/private/conspiracy> AuthName Area 51
<Limit GET>
require group guyinblack
</Limit GET>
</Directory>

In this example, ``guyinblack'' is defined by the following entry in /etc/httpd.group:

guyinblack: cancer deepthroat mrx skinner

The following example requires the client to provide a Windows Domain username and password to access the directory tree /home/htdocs/win. The authentication dialog is ``Windows(tm) Authentication'' This authentication dialog, typed exactly as presented here, is required to enforce NTLM authentication.

<Directory /home/htdocs/win>
AuthName Windows(tm) Authentication </Directory>

If this authentication control is used the Filer must have CIFS running, and either be a member of a Windows Domain or be using Local User authentication.

EFFECTIVE

Any changes take effect within 5 minutes

PERSISTENCE

Changes are persistent across system reboots.

SEE ALSO

na_httpd.passwd(5), na_httpd.group(5).

BUGS

Only the directives listed above are supported; other directives that may appear in NCSA or Apache access files are ignored.


Table of Contents