Re: [greenstone-users] Authentication issue

From Arthur R. Belanger
DateThu, 19 Apr 2007 10:40:45 -0400
Subject Re: [greenstone-users] Authentication issue
In-Reply-To (c387a3b60704190021h39e8c7cayb92ba319a7cacbd4-mail-gmail-com)
Ata,

The only thing I can see that might be wrong is that I do think you need
to provide the full path to the password file in the AuthUserFile line;
I have to do that on Linux. The only other thing I can suggest is to
look at the Apache documentation. Their authentication, authorization
and access control pages are located at

http://httpd.apache.org/docs/1.3/howto/auth.html
http://httpd.apache.org/docs/2.0/howto/auth.html
http://httpd.apache.org/docs/2.2/howto/auth.html

Look at the one for your version of apache.

Best of luck.

Ata ur Rehman wrote:
> It is a great idea and it is working nicely. But there is some problem
> which i want to share with you. It prompts for User Name / Password to
> access each page/section, e.g. i want to access a page of hmtl having 4
> sections, it asks me 4 times for pwd. How can i control it?
> What i did is as under:
>
> 1- I am using Apache 2 at Windows with GSDL 2.71
> 2- I created a .htaccess file with the following code:
>
> AuthUserFile /gsdl/collect/docs/.htpasswd [Should i give the physical
> path here e.g. C:Program FilesGreenstone....etc?]
> AuthName "AHKRC Digital Library"
> AuthType Basic
>
> <Limit GET POST>
> require valid-user
> </Limit>
>
> 3- After that I made .htpasswd file at same path /gsdl/collect/docs/
> with the following command:
>
> D:Greenstone271collectdocs>htpasswd -cmdps .htpasswd ata
> New password: **********
> Re-type new password: **********
> Adding password for user ata
>
> 4- Then I added the following code in my httpd.conf file of Apache
>
> Alias /gsdl "D:/Greenstone271"
> <Directory "D:/Greenstone271">
> Options Indexes MultiViews FollowSymLinks
> AllowOverride AuthConfig
> Order allow,deny
> Allow from all
> </Directory>
>
> Is it correct or I am making some mistake?
>
> Regards,
> Ata
>
>
> On 4/18/07, *Arthur R. Belanger * <arthur.belanger&#64;yale.edu
> <mailto:arthur.belanger@yale.edu>> wrote:
>
> Ata,
>
> The .htaccess and .htpasswd files are part of the webserver, not
> greenstone. The .htaccess file is a text file placed in the directory
> you want to protect. It protects that directory as well as all the
> subdirectories beneath it. In your case, where you want to protect the
> files in the assoc directory, put the file in the directory pointed to
> by http://[IP]/gsdl/collect/abc/index/assoc, for example
> /usr/local/gsdl/collect/abc/index/assoc. Here is a sample .htaccess
> file:
>
> AuthUserFile /usr/local/gsdl/collect/abc/.htpasswd
> AuthName "xyz"
> AuthType Basic
>
> <Limit GET POST>
> require valid-user
> </Limit>
>
> This file assumes that you create the .htpasswd file in
> /usr/local/gsdl/collect/abc
>
> xyz can be anything you want.
>
> The .htpasswd file is created with the htpasswd command.
>
> If you are usinf Linux/Unix, you can get the syntax of the htpasswd
> command by typing htpasswd at the command prompt or get a fuller
> explanation by typing man htpasswd.
>
> For this to work, you must have AllowOverride AuthConfig specified in
> the Alias /gsdl section of your webserver configuration file,
> httpd.conf.
>
> The other downside to this approach in adition to creating and
> maintaining the .htpasswd file, is that all users will be presented with
> this username/password request when they request a document form the
> assoc directory, even those who have already authenticated through the
> Greenstone authentication system, though this will only happen once per
> web browser session. This is not an ideal situation but it does work.
>
> I hope this is clear enough and helpful.
>
> Ata ur Rehman wrote:
> > Dear *Arthur R. Belanger / All
> >
> > *Thanks for response. I dont know about .htaccess and .htpasswd
> files.
> > These files are the part of Apache Server or GSDL? What will be the
> > syntax of these files and in which directory i have to create
> these files?
> >
> > I have four type of collections in my digital library. Three are
> open
> > for everybody and only one collection is username/pswd protected
> >
> > Regards,
> >
> > Ata
> >
> > On 4/17/07, *Arthur R. Belanger* < arthur.belanger@yale.edu
> <mailto:arthur.belanger@yale.edu>
> > <mailto:arthur.belanger@yale.edu
> <mailto:arthur.belanger@yale.edu>>> wrote:
> >
> > Ata,
> >
> > The Greenstone authentication system only restricts access
> through the
> > Greenstone software. The link to any particular file dows not go
> > through the GS software but is a standard url although it
> does point to
> > a location within the greenstone tree. The way I would
> resolve this
> > kind of problem is to create a .htaccess and .htpasswd file
> pair in the
> > assoc directory. This should allow you to restrict access to
> users in
> > the .htpasswd file. You would have to create this file with
> the same
> > usernames and passwords that you used in your auth_group
> xyz. This
> > should work if you are using the Apache webserver and perhaps
> others
> > though I do not have experience with them.
> >
> > Ata ur Rehman wrote:
> > > Dear All
> > >
> > > I would like to draw you attention to a very serious issue
> that i am
> > > facing now a days. I have a collection (say abc). I have
> made this
> > > collection password protected. When a user click on the
> link of
> > this
> > > collection, he has to provide username and password which
> i have
> > already
> > > defined at Admin page of my Digital Library. Now the
> problem starts
> > > when some of my users send a link of some PDF file to another
> > user like
> > >
> > >
> >
> http://[IP]/gsdl/collect/abc/index/assoc/HASH01e5/3dcc674e.dir/doc.pdf
> > >
> > > It must ask for username/password to access this document, but
> > this link
> > > opens without authentication.
> > >
> > > Is it some bug or I am doing something wrong?
> > >
> > > Please guide me
> > >
> > > Note: I have made my collection password protected by
> adding the
> > > following lines in my collect.cfg file
> > >
> > > authenticate collection
> > > auth_group xyz
> > >
> > > Regards,
> > >
> > > Ata ur Rehman,
> > >
> > > Librarian,
> > > Akhter Hameed Khan Resource Center (AHKRC),
> > > NRSP-Institute of Rural Management,
> > > F-6/4, Islamabad
> > >
> > > Ph: +92 51 2822752
> > > +92 51 2822792
> > >
> > > http://www.ahkrc.net.pk <http://www.ahkrc.net.pk
> > <http://www.ahkrc.net.pk <http://www.ahkrc.net.pk>>>
> > >
> > >
> > >
> >
> ------------------------------------------------------------------------
> > >
> > > _______________________________________________
> > > greenstone-users mailing list
> > > greenstone-users@list.scms.waikato.ac.nz
> <mailto:greenstone-users@list.scms.waikato.ac.nz>
> > <mailto: greenstone-users@list.scms.waikato.ac.nz
> <mailto:greenstone-users@list.scms.waikato.ac.nz>>
> > >
> https://list.scms.waikato.ac.nz/mailman/listinfo/greenstone-users
> >
> > --
> > Arthur Belanger
> > Medical Library System Manager
> > Academic Media & Technology
> > ITS
> > Yale University
> > 100 Church Street South, Suite 107
> > Mailcode 138
> > New Haven, CT 06519
> >
> > (203) 785-6928
> > (203) 737-2859, fax
> >
> > mailto:Arthur.Belanger@Yale.Edu
> <mailto:Arthur.Belanger@Yale.Edu> <mailto: Arthur.Belanger@Yale.Edu
> <mailto:Arthur.Belanger@Yale.Edu>>
> > http://www.yale.edu/acs
> > http://info.med.yale.edu/library
> <http://info.med.yale.edu/library> <http://info.med.yale.edu/library>
> >
>
> --
> Arthur Belanger
> Medical Library System Manager
> Academic Media & Technology
> ITS
> Yale University
> 100 Church Street South, Suite 107
> Mailcode 138
> New Haven, CT 06519
>
> (203) 785-6928
> (203) 737-2859, fax
>
> mailto:Arthur.Belanger@Yale.Edu <mailto:Arthur.Belanger@Yale.Edu>
> http://www.yale.edu/acs
> http://info.med.yale.edu/library
>
>

--
Arthur Belanger
Medical Library System Manager
Academic Media & Technology
ITS
Yale University
100 Church Street South, Suite 107
Mailcode 138
New Haven, CT 06519

(203) 785-6928
(203) 737-2859, fax

mailto:Arthur.Belanger@Yale.Edu
http://www.yale.edu/acs
http://info.med.yale.edu/library