On Wednesday 12 March 2008 06:58:16 Josh Luthman wrote:
I am curious to see how the crew here on the mailing list secures their Hobbit from the outside world. I need to have the WWW pages visible from every IP but only from certain people, therefor I need to use users and passwords. Our Hobbitmon is viewed via cell phones and computers (IE and Firefox) and protected by an HTTP(S) login currently. The problem is that with three different Directory statements in httpd.conf, you need to login three times every time you restart Firefox.
Also, how many businesses have Hobbitmon wide open for the viewing, such as Henrik's demo, if any?
We run ours requiring authentication of a valid user in our LDAP directory for any access to Hobbit at all, and membership of the monitoring group in LDAP for access to the /hobbit-seccgi location. This allows to (besides reduce user management overhead) have password expiration, lockout, etc. etc.
If you use the same authentication source in all the directory statements, users should not have to authenticate more than once (we don't). Even if you do authorization only on /hobbit-seccgi.
This is really more of an Apache thing than anything else ... but you may want to post the authentication aspects of your apache configuration for Hobbit if you need more assistance.
Regards, Buchan