Securing Virtual Directory
Securing Virtual Directory
In order to protect a virtual directory with OpenVMS Authentication, i.e. force a challenge/response from the server to the browser before granting access, 2 things are required.
1. Include the following directive in the apache$root:[conf]httpd.conf file,
LoadModule auth_openvms_module modules/mod_auth_openvms.exe
2. Create a file called .htaccess in the root of the virtual directory and add the following to it,
AuthType Basic
AuthName "OpenVMS authentication"
AuthOpenVMSUser On
require valid-user
Remeber to restart Apache after changing the conf file.
1. Include the following directive in the apache$root:[conf]httpd.conf file,
LoadModule auth_openvms_module modules/mod_auth_openvms.exe
2. Create a file called .htaccess in the root of the virtual directory and add the following to it,
AuthType Basic
AuthName "OpenVMS authentication"
AuthOpenVMSUser On
require valid-user
Remeber to restart Apache after changing the conf file.
authentication
I haven't used vms authentication as yet, but I'm fairly hazy on the whole username/password business, and where it fits in the apache/php/mysql environment.
I take it that issuetracker & phpmyadmin are using mysql application-based protection, rather than apache-based ?
What provision is there for restricting users - I've got thousands of customer accounts in our webserver sysuaf now, used for access control by OSU HTTP_SERVER - I wouldn't want them to have phpMyAdmin access.
Is there any good overview of how it all hangs together ?
I take it that issuetracker & phpmyadmin are using mysql application-based protection, rather than apache-based ?
What provision is there for restricting users - I've got thousands of customer accounts in our webserver sysuaf now, used for access control by OSU HTTP_SERVER - I wouldn't want them to have phpMyAdmin access.
Is there any good overview of how it all hangs together ?
The SWS installation guide is as good a place as any, plus of course most generic Apache documents will also be relevant to SWS,
http://h71000.www7.hp.com/openvms/produ ... all_20.pdf
You're right in your assumption about the security. phpMyAdmin (AFAIK) doesn't have any built-in security (which seems nuts to me!) so unless you secure the share some other way, it's open season.
What I have done, and described below, is tell Apache that to access this share the browser must authenticate first; the method I have chosen (and there are quite a few options) is to authenticate against the SYSUAF accounts. In my case I have told it that "anyone who provides a valid VMS login can have access". If you look at the manual it is possible to make this restrictive to certain accounts and/or groups.
http://h71000.www7.hp.com/openvms/produ ... all_20.pdf
You're right in your assumption about the security. phpMyAdmin (AFAIK) doesn't have any built-in security (which seems nuts to me!) so unless you secure the share some other way, it's open season.
What I have done, and described below, is tell Apache that to access this share the browser must authenticate first; the method I have chosen (and there are quite a few options) is to authenticate against the SYSUAF accounts. In my case I have told it that "anyone who provides a valid VMS login can have access". If you look at the manual it is possible to make this restrictive to certain accounts and/or groups.
- WillemGrooters
- VMS Guru
- Posts: 59
- Joined: Wed Jul 20, 2005 10:17 am
- Location: Netherlands
- Contact:
Indeed, Mod_Auth_Vms checks against UAF, and quite rigoroursly. Access is granted only if NOT DISUSER AND NOT CAPTIVE AND password has not expired ("Require valid-user"). Next, RIGHTSLIST is checked when "Require group" is specified, and access is granted only if the rights identifier you specified here, is granted to that user. Not granted means no acess.
Both can be SSL-protected, so can be secured.
Another issue that can be handy is that "AuthName" can be set to any text, so you can direct your users to what username/password they have to use. handy if you host multiple sites (as I do). Or prove that "IIS is safe"![Twisted Evil :twisted:](./images/smilies/icon_twisted.gif)
Both can be SSL-protected, so can be secured.
Another issue that can be handy is that "AuthName" can be set to any text, so you can direct your users to what username/password they have to use. handy if you host multiple sites (as I do). Or prove that "IIS is safe"
![Twisted Evil :twisted:](./images/smilies/icon_twisted.gif)
- Arvid Elstrodt
- $ HELP
- Posts: 15
- Joined: Tue Jan 10, 2006 7:19 pm
- Location: Amersfoort, The Netherlands
- Contact:
Hi,
As I just wrote in another (my first) post on this forum, I am a complete newbie on OpenVMS, so forgive me my ignorance.
Yesterday night I tried the method described here, but it seemed that OpenVMS (8.2 with ODS-5) doesn't accept ".htaccess" as a filename ?
I know I can configure Apache to take something else than ".htaccess", but I would like to stick as much with things I have already learned on other platforms.
What am I missing ?
As I just wrote in another (my first) post on this forum, I am a complete newbie on OpenVMS, so forgive me my ignorance.
Yesterday night I tried the method described here, but it seemed that OpenVMS (8.2 with ODS-5) doesn't accept ".htaccess" as a filename ?
I know I can configure Apache to take something else than ".htaccess", but I would like to stick as much with things I have already learned on other platforms.
What am I missing ?
- Arvid Elstrodt
- $ HELP
- Posts: 15
- Joined: Tue Jan 10, 2006 7:19 pm
- Location: Amersfoort, The Netherlands
- Contact:
- Arvid Elstrodt
- $ HELP
- Posts: 15
- Joined: Tue Jan 10, 2006 7:19 pm
- Location: Amersfoort, The Netherlands
- Contact:
- WillemGrooters
- VMS Guru
- Posts: 59
- Joined: Wed Jul 20, 2005 10:17 am
- Location: Netherlands
- Contact:
As a seasoned VMS user (you knowArvid Elstrodt wrote:
I know I can configure Apache to take something else than ".htaccess", but I would like to stick as much with things I have already learned on other platforms.
![Very Happy :D](./images/smilies/icon_biggrin.gif)
- Arvid Elstrodt
- $ HELP
- Posts: 15
- Joined: Tue Jan 10, 2006 7:19 pm
- Location: Amersfoort, The Netherlands
- Contact: