• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 236
  • Last Modified:

user authorization via web

HI,

I have some web pages that need to be protected and would like to use our company's system YP server(?) to authenticate their passwords. My company has both Unix and PCs with their own network. (But Let's just focus on Unix here) We have offices all over the world so I assume they all have different domains.
In such an environment, is it still possible to use the
Unix user authentication service? If so, how do I access it? Will I need help from our IT? or is there a way I could do it on my own?

Any help is greatly appreciated,
thanks,

JinJoo
0
jjlee081497
Asked:
jjlee081497
1 Solution
 
chris_calabreseCommented:
I'm not aware of any standard/existing tools that do exactly this.
You could either roll your own, or coalesce all the NIS and/or NT
domain stuff into a single LDAP database and authenticate
against that.
0
 
yuzhCommented:
Hi jjlee,

   If you are runing Solaris UNIX, try to use Sun WebServer administration package, this will enable you to do all the access control to you Website or a single directory, you can set login and password control for you Website.

   If you are using other version og UNIX, try Netscape HTTP server Administration package.

0
 
yuzhCommented:
Hi jjlee,

   If you are run Apache for your web server, you can following the instruction in the following web page and try it out:

http://httpd.apache.org/docs/misc/FAQ.html#user-authentication

   Good luck!
 
0
The 14th Annual Expert Award Winners

The results are in! Meet the top members of our 2017 Expert Awards. Congratulations to all who qualified!

 
jjlee081497Author Commented:
HI Yuzh,

I have a question though regarding the apache auth. service. I have read thru briefly and couldn't find the answer... if the user wanted to set his/her own password, is there a way for the person to do that? That's the key point for me - basically, I have people compaining that they don't want to remember another passwd beside their own system account passwd. So, if there is a way to let them set their own passwd without me knowing it, it would solve my problem.

Thanks!

JinJoo
0
 
yuzhCommented:
Hi jjlee,

   I use Sun WebServer on my site. I believe that it is not a good idea to let the user set their own password for the Web site.

   It is possible to let the user to set their own password, by create a admin account, and you have to give this login and password to the user to enable them to set their own passward, but this will cause some management problem later on.

  I suggest that you create some common account, eg, a login a ccount for sales, account department etc, and everyone accesss to the same dir tree use that same login and password, or you have to add all your user one by one to the access usr list, to enable them to use their own password.

  I am runing a university site, I use unit user as a login name, and everyone want to access to the unit use the same login name and password.

   For the user to maintain their own web page, they only need to use their unix account login name and password and use ftp or whatever package to do it. All you need to do is set the dir permissions to let the usr own the dir, make sure you set the group id as nobody, and set g+s to the dir.

   I hope this information can help.
0
 
Nisus091197Commented:
I would be inclined to use a .htaccess file.  The file that you specify for that user authentitication will have to be updated via cron every 30 minutes say with the usernames and encrypted passwords of the users that you want to be granted access to the site.

Does this make sense to you?

Regards, Nisus
http://www.omnimodo.com
0
 
jf18222Commented:
Do not expose YP to the internet, it has way too many security holes that are readily known, you are just asking to be hacked. You did not say what kind of web server is running on the Unix box. All of the Web servers people have mentioned have this feature built into them, but you are right in the fact that people will have another password to remember, but that is the price of opening up a site to the world. If you use a .htaccess file to provide security,  you could write a script to update the users password in the access file by using any descent password hacking program to turn the salted password from the password file for each user, into plain text and syncing that to the access file.
0
 
jjlee081497Author Commented:
Thank you everyone for your comments.
They were all helpful.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Upgrade your Question Security!

Your question, your audience. Choose who sees your identity—and your question—with question security.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now