Re: [greenstone-users] Authentication issue

From Ata ur Rehman
DateThu, 19 Apr 2007 12:21:10 +0500
Subject Re: [greenstone-users] Authentication issue
In-Reply-To (46261ACA-9010602-yale-edu)
It is a great idea and it is working nicely.  But there is some problem which i want to share with you.  It prompts for User Name / Password to access each page/section, e.g. i want to access a page of hmtl having 4 sections, it asks me 4 times for pwd.  How can i control it?
What i did is as under:

1- I am using Apache 2 at Windows with GSDL 2.71
2- I created a .htaccess file with the following code:

AuthUserFile /gsdl/collect/docs/.htpasswd [Should i give the physical path here e.g. C:Program FilesGreenstone....etc?]
AuthName "AHKRC Digital Library"
AuthType Basic

<Limit GET POST>
require valid-user
</Limit>

3- After that I made .htpasswd file at same path /gsdl/collect/docs/ with the following command:

D:Greenstone271collectdocs>htpasswd -cmdps .htpasswd ata
New password: **********
Re-type new password: **********
Adding password for user ata

4- Then I added the following code in my httpd.conf file of Apache

  Alias /gsdl "D:/Greenstone271"
  <Directory "D:/Greenstone271">
     Options Indexes MultiViews FollowSymLinks
     AllowOverride AuthConfig
     Order allow,deny
     Allow from all
  </Directory>

Is it correct or I am making some mistake?

Regards,
Ata


On 4/18/07, Arthur R. Belanger <arthur.belanger@yale.edu> wrote:
Ata,

The .htaccess and .htpasswd files are part of the webserver, not
greenstone.  The .htaccess file is a text file placed in the directory
you want to protect.  It protects that directory as well as all the
subdirectories beneath it.  In your case, where you want to protect the
files in the assoc directory, put the file in the directory  pointed to
by http://[IP]/gsdl/collect/abc/index/assoc, for example
/usr/local/gsdl/collect/abc/index/assoc.  Here is a sample .htaccess file:

AuthUserFile /usr/local/gsdl/collect/abc/.htpasswd
AuthName "xyz"
AuthType Basic

<Limit GET POST>
require valid-user
</Limit>

This file assumes that you create the .htpasswd file in
/usr/local/gsdl/collect/abc

xyz can be anything you want.

The .htpasswd file is created with the htpasswd command.

If you are usinf Linux/Unix, you can get the syntax of the htpasswd
command by typing htpasswd at the command prompt or get a fuller
explanation by typing man htpasswd.

For this to work, you must have  AllowOverride AuthConfig specified in
the Alias /gsdl section of your webserver configuration file, httpd.conf.

The other downside to this approach in adition to creating and
maintaining the .htpasswd file, is that all users will be presented with
this username/password request when they request a document form the
assoc directory, even those who have already authenticated through the
Greenstone authentication system, though this will only happen once per
web browser session.  This is not an ideal situation but it does work.

I hope this is clear enough and helpful.

Ata ur Rehman wrote:
> Dear *Arthur R. Belanger / All
>
> *Thanks for response.  I dont know about .htaccess and .htpasswd files.
> These files are the part of Apache Server or GSDL?  What will be the
> syntax of these files and in which directory i have to create these files?
>
> I have four type of collections in my digital library.  Three are open
> for everybody and only one collection is username/pswd protected
>
> Regards,
>
> Ata
>
> On 4/17/07, *Arthur R. Belanger* < arthur.belanger@yale.edu
> <mailto:arthur.belanger@yale.edu>> wrote:
>
>     Ata,
>
>     The Greenstone authentication system only restricts access through the
>     Greenstone software.  The link to any particular file dows not go
>     through the GS software but is a standard url although it does point to
>     a location within the greenstone tree.  The way I would resolve this
>     kind of problem is to create a .htaccess and .htpasswd file pair in the
>     assoc directory.  This should allow you to restrict access to users in
>     the .htpasswd file.  You would have to create this file with the same
>     usernames and passwords that you used in your auth_group xyz.  This
>     should work if you are using the Apache webserver and perhaps others
>     though I do not have experience with them.
>
>     Ata ur Rehman wrote:
>      > Dear All
>      >
>      > I would like to draw you attention to a very serious issue that i am
>      > facing now a days.  I have a collection (say abc).  I have made this
>      > collection password protected.  When a user click on the link of
>     this
>      > collection, he has to provide username and password which i have
>     already
>      > defined at Admin page of my Digital Library.  Now the problem starts
>      > when some of my users send a link of some PDF file to another
>     user like
>      >
>      >
>     http://[IP]/gsdl/collect/abc/index/assoc/HASH01e5/3dcc674e.dir/doc.pdf
>      >
>      > It must ask for username/password to access this document, but
>     this link
>      > opens without authentication.
>      >
>      > Is it some bug or I am doing something wrong?
>      >
>      > Please guide me
>      >
>      > Note: I have made my collection password protected by adding the
>      > following lines in my collect.cfg file
>      >
>      > authenticate collection
>      > auth_group xyz
>      >
>      > Regards,
>      >
>      > Ata ur Rehman,
>      >
>      > Librarian,
>      > Akhter Hameed Khan Resource Center (AHKRC),
>      > NRSP-Institute of Rural Management,
>      > F-6/4, Islamabad
>      >
>      > Ph: +92 51 2822752
>      >       +92 51 2822792
>      >
>      > http://www.ahkrc.net.pk <http://www.ahkrc.net.pk
>     <http://www.ahkrc.net.pk >>
>      >
>      >
>      >
>     ------------------------------------------------------------------------
>      >
>      > _______________________________________________
>      > greenstone-users mailing list
>      > greenstone-users@list.scms.waikato.ac.nz
>     <mailto: greenstone-users@list.scms.waikato.ac.nz>
>      > https://list.scms.waikato.ac.nz/mailman/listinfo/greenstone-users
>
>     --
>     Arthur Belanger
>     Medical Library System Manager
>     Academic Media & Technology
>     ITS
>     Yale University
>     100 Church Street South, Suite 107
>     Mailcode 138
>     New Haven, CT  06519
>
>     (203) 785-6928
>     (203) 737-2859, fax
>
>     mailto:Arthur.Belanger@Yale.Edu <mailto: Arthur.Belanger@Yale.Edu>
>     http://www.yale.edu/acs
>     http://info.med.yale.edu/library <http://info.med.yale.edu/library>
>

--
Arthur Belanger
Medical Library System Manager
Academic Media & Technology
ITS
Yale University
100 Church Street South, Suite 107
Mailcode 138
New Haven, CT  06519

(203) 785-6928
(203) 737-2859, fax

mailto:Arthur.Belanger@Yale.Edu
http://www.yale.edu/acs
http://info.med.yale.edu/library