This is what I have in httpd.conf that makes me login three times (you can tell which three, obviously =)
Alias /hobbit/ "/hobbitdir/server/www/" <Directory "/hobbitdir/server/www"> Options Indexes FollowSymLinks Includes MultiViews Order allow,deny Allow from all AuthUserFile /hobbitdir/server/etc/hobbitpasswd AuthType Basic AuthName "Hobbit Monitoring1" Require valid-user </Directory>
ScriptAlias /hobbit-cgi/ "/hobbitdir/cgi-bin/" <Directory "/hobbitdir/cgi-bin"> AllowOverride None Options ExecCGI Includes Order allow,deny Allow from all AuthUserFile /hobbitdir/server/etc/hobbitpasswd AuthType Basic AuthName "Hobbit Monitoring2" Require valid-user </Directory>
ScriptAlias /hobbit-seccgi/ "/hobbitdir/cgi-secure/" <Directory "/hobbitdir/cgi-secure"> AllowOverride None Options ExecCGI Includes Order allow,deny Allow from all
AuthUserFile /hobbitdir/server/etc/hobbitpasswd
AuthGroupFile /hobbitdir/server/etc/hobbitgroups
AuthType Basic
AuthName "Hobbit Monitoring3"
Require valid-user
Require group group4admin</Directory>
On 3/12/08, Buchan Milne <bgmilne at staff.telkomsa.net> wrote:
On Wednesday 12 March 2008 06:58:16 Josh Luthman wrote:
I am curious to see how the crew here on the mailing list secures their Hobbit from the outside world. I need to have the WWW pages visible from every IP but only from certain people, therefor I need to use users and passwords. Our Hobbitmon is viewed via cell phones and computers (IE and Firefox) and protected by an HTTP(S) login currently. The problem is that with three different Directory statements in httpd.conf, you need to login three times every time you restart Firefox.
Also, how many businesses have Hobbitmon wide open for the viewing, such as Henrik's demo, if any?
We run ours requiring authentication of a valid user in our LDAP directory for any access to Hobbit at all, and membership of the monitoring group in LDAP for access to the /hobbit-seccgi location. This allows to (besides reduce user management overhead) have password expiration, lockout, etc. etc.
If you use the same authentication source in all the directory statements, users should not have to authenticate more than once (we don't). Even if you do authorization only on /hobbit-seccgi.
This is really more of an Apache thing than anything else ... but you may want to post the authentication aspects of your apache configuration for Hobbit if you need more assistance.
Regards,
Buchan
-- Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373
Those who don't understand UNIX are condemned to reinvent it, poorly. --- Henry Spencer