Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

user authorization via web

Posted on 2001-06-07
8
Medium Priority
?
232 Views
Last Modified: 2010-08-05
HI,

I have some web pages that need to be protected and would like to use our company's system YP server(?) to authenticate their passwords. My company has both Unix and PCs with their own network. (But Let's just focus on Unix here) We have offices all over the world so I assume they all have different domains.
In such an environment, is it still possible to use the
Unix user authentication service? If so, how do I access it? Will I need help from our IT? or is there a way I could do it on my own?

Any help is greatly appreciated,
thanks,

JinJoo
0
Comment
Question by:jjlee081497
8 Comments
 
LVL 14

Expert Comment

by:chris_calabrese
ID: 6164890
I'm not aware of any standard/existing tools that do exactly this.
You could either roll your own, or coalesce all the NIS and/or NT
domain stuff into a single LDAP database and authenticate
against that.
0
 
LVL 38

Expert Comment

by:yuzh
ID: 6166414
Hi jjlee,

   If you are runing Solaris UNIX, try to use Sun WebServer administration package, this will enable you to do all the access control to you Website or a single directory, you can set login and password control for you Website.

   If you are using other version og UNIX, try Netscape HTTP server Administration package.

0
 
LVL 38

Expert Comment

by:yuzh
ID: 6166535
Hi jjlee,

   If you are run Apache for your web server, you can following the instruction in the following web page and try it out:

http://httpd.apache.org/docs/misc/FAQ.html#user-authentication

   Good luck!
 
0
Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

 

Author Comment

by:jjlee081497
ID: 6168967
HI Yuzh,

I have a question though regarding the apache auth. service. I have read thru briefly and couldn't find the answer... if the user wanted to set his/her own password, is there a way for the person to do that? That's the key point for me - basically, I have people compaining that they don't want to remember another passwd beside their own system account passwd. So, if there is a way to let them set their own passwd without me knowing it, it would solve my problem.

Thanks!

JinJoo
0
 
LVL 38

Accepted Solution

by:
yuzh earned 450 total points
ID: 6170010
Hi jjlee,

   I use Sun WebServer on my site. I believe that it is not a good idea to let the user set their own password for the Web site.

   It is possible to let the user to set their own password, by create a admin account, and you have to give this login and password to the user to enable them to set their own passward, but this will cause some management problem later on.

  I suggest that you create some common account, eg, a login a ccount for sales, account department etc, and everyone accesss to the same dir tree use that same login and password, or you have to add all your user one by one to the access usr list, to enable them to use their own password.

  I am runing a university site, I use unit user as a login name, and everyone want to access to the unit use the same login name and password.

   For the user to maintain their own web page, they only need to use their unix account login name and password and use ftp or whatever package to do it. All you need to do is set the dir permissions to let the usr own the dir, make sure you set the group id as nobody, and set g+s to the dir.

   I hope this information can help.
0
 
LVL 5

Expert Comment

by:Nisus091197
ID: 6176682
I would be inclined to use a .htaccess file.  The file that you specify for that user authentitication will have to be updated via cron every 30 minutes say with the usernames and encrypted passwords of the users that you want to be granted access to the site.

Does this make sense to you?

Regards, Nisus
http://www.omnimodo.com
0
 

Expert Comment

by:jf18222
ID: 6187922
Do not expose YP to the internet, it has way too many security holes that are readily known, you are just asking to be hacked. You did not say what kind of web server is running on the Unix box. All of the Web servers people have mentioned have this feature built into them, but you are right in the fact that people will have another password to remember, but that is the price of opening up a site to the world. If you use a .htaccess file to provide security,  you could write a script to update the users password in the access file by using any descent password hacking program to turn the salted password from the password file for each user, into plain text and syncing that to the access file.
0
 

Author Comment

by:jjlee081497
ID: 6274132
Thank you everyone for your comments.
They were all helpful.
0

Featured Post

Important Lessons on Recovering from Petya

In their most recent webinar, Skyport Systems explores ways to isolate and protect critical databases to keep the core of your company safe from harm.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

When you do backups in the Solaris Operating System, the file system must be inactive. Otherwise, the output may be inconsistent. A file system is inactive when it's unmounted or it's write-locked by the operating system. Although the fssnap utility…
I have been running these systems for a few years now and I am just very happy with them.   I just wanted to share the manual that I have created for upgrades and other things.  Oooh yes! FreeBSD makes me happy (as a server), no maintenance and I al…
Learn how to get help with Linux/Unix bash shell commands. Use help to read help documents for built in bash shell commands.: Use man to interface with the online reference manuals for shell commands.: Use man to search man pages for unknown command…
In a previous video, we went over how to export a DynamoDB table into Amazon S3.  In this video, we show how to load the export from S3 into a DynamoDB table.

783 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question