Level 2 Access Control
The level 2 access control, when implemented, will provide all the
functionality of level 1 access control plus:
- The ability to restrict access based upon username.
- The ability to restrict access based upon ACL files in the protected
directories.
Configuration
First, create a protection setup file. The protection setup file is used
to locate the authentication databases needed to perform the authentication.
Different protection domains may specify different protection files.
A protection setup file may also specify host-based access control via
maskgroup or getmask directives.
Edit the rules file to include an authenticator directive to make the
server start the authenticator sub-process. Add protect rules for
the files or directories to be protected, specifying the protection setup
file that applies.
Operation
When the URL translation triggers a protect rule in the rules file, the server
sends an authentication request along with any pertinent request header
fields (authorization, url) to the authenticator. The authenticator
validates the request and returns either true or false. If false is
returned, the authenticator also returns the HTTP response to send to the
client, which includes www-authenticate headers for the authorization
types it understands.
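An added illustration of the exchange described above, not code from the server distribution: an authenticator decision routine that takes the url and authorization fields and returns either true, or false together with the HTTP response carrying a www-authenticate header. The function names, realm, user table and URL prefix are assumptions constructed for the example; the real server-to-authenticator interface is not shown on this page.

```python
import base64, binascii, hashlib, hmac

REALM = "protected-docs"        # constructed realm name
SALT = b"constructed-salt"      # constructed; use a per-user random salt in practice

def hash_pw(password):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 10_000)

# Constructed stand-ins for the authentication database and username restrictions.
USERS = {"alice": hash_pw("correct horse"), "bob": hash_pw("hunter2")}
ALLOWED = {"/private/": {"alice"}}   # URL prefix -> usernames permitted

def challenge():
    """HTTP response returned alongside a false result."""
    return ("HTTP/1.0 401 Unauthorized\r\n"
            f'WWW-Authenticate: Basic realm="{REALM}"\r\n\r\n')

def parse_basic(authorization):
    """Return (username, password), or None if the header is absent or malformed."""
    if not authorization:
        return None
    scheme, _, blob = authorization.partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        decoded = base64.b64decode(blob.strip(), validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None
    user, sep, password = decoded.partition(":")
    return (user, password) if sep else None

def authenticate(url, authorization):
    """Return (True, None) on success, else (False, http_response)."""
    creds = parse_basic(authorization)
    if creds is None:
        return False, challenge()
    user, password = creds
    # Fail closed: a URL with no matching entry permits nobody.
    allowed = next((u for p, u in ALLOWED.items() if url.startswith(p)), set())
    stored = USERS.get(user)
    candidate = hash_pw(password)   # hashed even for unknown users, to even out timing
    ok = stored is not None and hmac.compare_digest(stored, candidate)
    if not ok or user not in allowed:
        return False, challenge()
    return True, None
```

A valid password alone is not sufficient here: bob authenticates correctly but is still refused because the username restriction for the prefix does not list him.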
The Sample Authenticator
The server distribution includes a template authenticator that merely
checks that the password is the correct encryption of the username. This
authenticator should not be used for any purpose other than to demonstrate
that the server's machinery for level 2 protection is operating correctly.
The CEL Authenticator
The server distribution also contains an authenticator originally
developed by Charles Lane (lane@duphy4.physics.drexel.edu). With this
authenticator, the setup file consists of username/password pairs, with an
option to take the username, the password, or both from the system's SYSUAF
file.
David Jones, Ohio State University