Difference between revisions of "Require Login"

From Amahi Wiki
Jump to: navigation, search
Line 4: Line 4:
 
heading =WARNING|
 
heading =WARNING|
 
message = This is recommended only for advanced users, proceed with caution.}}
 
message = This is recommended only for advanced users, proceed with caution.}}
Would you like to control which HDA users can access certain web applications?  While this function does not currently exist in Amahi, it can be done quite easily by following the steps outlined below.  When a user accesses the specific web application, they will be prompted for a user name and password.
+
We have a budding feature to require login to individual webapps.
 +
 
 +
Note - each app may have created a corresponding webapp. It's in this webapp that the Login Required may be selected.
 +
 
 +
If selected, this settings makes it such that the application will ask for a user name and a password.
 +
 
 +
Unfortunately this is no integrated yet with the rest of the user/password system already in place, so for now, it has to be done using htaccess controls.
 +
 
 +
We have decided to make these a global setting, i.e. the users and password are all the same to all the apps that require login.
  
 
== How to do it ==
 
== How to do it ==
*This requires creation of two files (<code>.htaccess</code> and <code>.htpasswd</code>) be placed in the directory of each web application you want to protect.
 
*The <code>.htpasswd</code> file will identify user names/passwords (encrypted) and the <code>.htaccess</code> file  will contain the code needed to use that file to protect the web application.
 
#First you need to identify the web application you want to protect and it's physical location ('''''/var/hda/web-app/appname''''') on your server.  For example, the path for '''Linfo''' would be '''''/var/hda/web-app/linfo'''''.
 
#Next, you need to decide on the user names/passwords who will have access.  This has to be the HDA users credentials that are used to log into the HDA Dashboard. 
 
==== Create the Files ====
 
There are two options for creating the <code>.htpasswd</code> and <code>.htaccess</code> files:
 
*Option 1:  Navigate to [http://www.webmaster-toolkit.com/htaccess-generator.shtml .htaccess Generator].
 
<blockquote>
 
*Enter desired Username, Password, and Path (physical location where <code>.htpasswd</code> will be stored).  For example, Username '''''amahi''''', Password '''''amahi''''', and Path '''''/var/hda/web-apps/linfo'''''.
 
*Select the '''Generate .htaccess''' button.
 
*Create <code>.htacess</code> file in the web application html directory (i.e. '''''/var/hda/web-apps/linfo/html'''''). Copy the text in ''"This is what your .htaccess file should look like..."'' box and paste it into the <code>.htacess</code> file (i.e. '''''/var/hda/web-apps/linfo/html''''').  It should look similar to this:
 
{{Text|AuthUserFile /var/hda/web-apps/linfo/.htpasswd
 
AuthGroupFile /dev/null
 
AuthName "Password Protected Area"
 
AuthType Basic
 
<limit GET POST>
 
require valid-user
 
</limit>}}
 
*Next create <code>.htpasswd</code> file in then web application directory (i.e. '''''/var/hda/web-apps/linfo''''').  Copy the text from ''"And this is what your .htpasswd file should look like..."'' box and paste it into the <code>.htpasswd</code> file (i.e. '''''/var/hda/web-apps/linfo''''').  It should look similar to this:
 
{{Text|amahi:amb24e1pXrqFY}}
 
*Proceed to the '''Set the Permissions''' section to complete.
 
</blockquote>
 
*Option 2: 
 
<blockquote>
 
*Perform the following steps [[Open_Terminal_as_root|as root user]] (change '''username''', '''password''', and '''appname''' as appropriate):
 
{{Code|htpasswd -c -b /var/hda/web-apps/appname/.htpasswd username password}}
 
*Add additional users, repeat the previous step ('''NOTE:''' the -c option is only needed the first time you create the file for that web application):
 
{{Code|htpasswd -b /var/hda/web-apps/appname/.htpasswd username password}}
 
*Delete a user, do the following:
 
{{Code|htpasswd -D /var/hda/web-apps/appname/.htpasswd username}}
 
*Create the <code>.htaccess</code> file in the '''''/var/hda/web-apps/appname/html''''' directory (change '''appname''' in ''AuthName'' and ''AuthUserFile'' lines; i.e. '''Linfo''' and '''linfo''' respectively):
 
{{Text|AuthName "appname Access"
 
AuthType Basic
 
AuthUserFile /var/hda/web-apps/appname/.htpasswd
 
require valid-user}}
 
</blockquote>
 
  
==== Set File permissions: ====
+
This requires that an htaccess file and an htpassword file be created in a place that it's accessible to the web server.
* Ensure the permissions are correctly set on the two files as follows (change '''appname''' as appropriate):
+
 
{{Code|chmod 600 /var/hda/web-apps/appname/.htpasswd
+
To create an <code>htpasswd</code> file containing the users and passwords
chmod 600 /var/hda/web-apps/appname/html/.htaccess
+
* you can go to a [http://www.webmaster-toolkit.com/htaccess-generator.shtml public htaccess/htpasswd generator] and copy the contents of what the "And this is what your .htpasswd file should look like..." box has
chown apache:apache /var/hda/web-apps/appname/.htpasswd
+
* or you can use the htpasswd command (first time with -c)
chown apache:users /var/hda/web-apps/appname/html/.htaccess}}
+
{{Code|htpasswd -c .htpasswd USERNAME}}
 +
 
 +
The file should contain lines like this: USERNAME:3Ce3F4zRcVf42
 +
 
 +
The file should be owned by apache:apache and have 600 permissions, so copy it over, then, as root:
 +
 
 +
{{Code|cp .htpasswd /var/hda/web-apps/htpasswd
 +
chmod 600 /var/hda/web-apps/htpasswd
 +
chown apache:apache /var/hda/web-apps/htpasswd}}
 +
 
 +
= If you have webmin installed =
 +
 
 +
After logging into webmin select “Others” on the left-hand side, click on “Protected Web Directories” and then select “Add protection for a new directory”.
 +
 
 +
In “Directory path” browse to/or enter the path to the ‘html’ web directory you wish to protect, in “Authentication realm” enter something like for example “Authentication required” (this will show up on the popup login box) and then click on create.
  
* That's all there is to it.  Now when a HDA user accesses the web application, they will be greeted with a pop windows asking for user name and password.  If you uninstall the app, the <code>.htpasswd</code> and <code>.htaccess</code> files will be removed as well.
+
Now you need to setup users to allow login by clicking on “Add a new user” in “Associated users and groups”, when users have been created you should be good to go.
  
==== Future Considerations ====
+
Note: After you have completed this process using webmin you can then select "un-protect selected directory" and use the HDA-Dashboard to enable/disable password protection.
* Add a share to hold all .htpasswd files.  Rename .htpasswd to .appname in order to keep them separate.
 
* Locate a web application to create/manage .htpasswd files (DirectoryPass or htaccess generator)
 
* Integrate with Amahi Dashboard to do all this via GUI.
 

Revision as of 02:54, 13 August 2011

Warning.png WARNING
This is recommended only for advanced users, proceed with caution.


We have a budding feature to require login to individual webapps.

Note - each app may have created a corresponding webapp. It's in this webapp that the Login Required may be selected.

If selected, this settings makes it such that the application will ask for a user name and a password.

Unfortunately this is no integrated yet with the rest of the user/password system already in place, so for now, it has to be done using htaccess controls.

We have decided to make these a global setting, i.e. the users and password are all the same to all the apps that require login.

How to do it

This requires that an htaccess file and an htpassword file be created in a place that it's accessible to the web server.

To create an htpasswd file containing the users and passwords

  • you can go to a public htaccess/htpasswd generator and copy the contents of what the "And this is what your .htpasswd file should look like..." box has
  • or you can use the htpasswd command (first time with -c)
bash code
​htpasswd -c .htpasswd USERNAME​


The file should contain lines like this: USERNAME:3Ce3F4zRcVf42

The file should be owned by apache:apache and have 600 permissions, so copy it over, then, as root:

bash code
​cp .htpasswd /var/hda/web-apps/htpasswd chmod 600 /var/hda/web-apps/htpasswd chown apache:apache /var/hda/web-apps/htpasswd​


If you have webmin installed

After logging into webmin select “Others” on the left-hand side, click on “Protected Web Directories” and then select “Add protection for a new directory”.

In “Directory path” browse to/or enter the path to the ‘html’ web directory you wish to protect, in “Authentication realm” enter something like for example “Authentication required” (this will show up on the popup login box) and then click on create.

Now you need to setup users to allow login by clicking on “Add a new user” in “Associated users and groups”, when users have been created you should be good to go.

Note: After you have completed this process using webmin you can then select "un-protect selected directory" and use the HDA-Dashboard to enable/disable password protection.