About .htaccess Files
Each directory can contain a file named ".htaccess" that controls access to the pages in that directory. This depends on the files
Each line begins with a keyword followed by one or more arguments. Keywords are case insensitive. Comment lines (lines starting with a '#') and blank lines are also allowed.
AuthType <type>
Which Authentication mechanism to use
type :: Basic | Digest
AuthName <name>
Text displayed in password prompt from the browser
name :: <ASCII>
AuthUserFile <filename>
Reference to the user file, including its path (see below)
AuthGroupFile <filename>
Reference to the group file, including its path (see below)
Limit <op>
List of operations
op :: "GET|POST|.."
/Limit
The following Keywords should be enclosed by the keywords "Limit" and "/Limit": Require, Order, Deny, Allow
Require <key value>
key :: "user|group"
value :: "<username>|<groupname>"
"value" must be specified in the AuthUserFile or AuthGroupFile
If "allow" and/or "deny" is specified, "order" must be specified too!
Order <value,value>
value :: "allow|deny"
Deny <args>
args :: "[from] {fully qualified network}* | all"
Allow <args>
args :: "[from] {fully qualified network}* | all"
The AuthUserFile file "passwd" has this format:
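The keyword rules above can be checked mechanically before a file is deployed. The following lint is an added example, not part of tclhttpd or of the original page: the function name `lint_htaccess` is hypothetical, accepting both `Limit GET` and `<Limit GET>` spellings is an assumption, and the sample file is constructed.

```python
ACCESS = {"require", "order", "deny", "allow"}   # only valid inside Limit ... /Limit
AUTH = {"authtype", "authname", "authuserfile", "authgroupfile"}

def lint_htaccess(text):
    """Return (line_number, message) findings for one .htaccess file."""
    out, in_limit, start, seen = [], False, 0, set()
    for n, raw in enumerate(text.splitlines(), 1):
        # Assumption: accept both "Limit GET" and "<Limit GET>" spellings.
        line = raw.strip().strip("<>").strip()
        if not line or line.startswith("#"):
            continue                              # comments and blank lines are allowed
        word, *rest = line.split(None, 1)
        key, args = word.lower(), (rest[0] if rest else "")  # keywords: case insensitive
        if key == "limit":
            in_limit, start, seen = True, n, set()
        elif key == "/limit":
            if not in_limit:
                out.append((n, "/Limit without a matching Limit"))
            elif seen & {"allow", "deny"} and "order" not in seen:
                out.append((start, "Allow/Deny used without Order"))
            in_limit = False
        elif key in ACCESS:
            if not in_limit:
                out.append((n, f"{word} must be enclosed by Limit and /Limit"))
            seen.add(key)
            values = {v.strip() for v in args.lower().split(",")}
            if key == "order" and not values <= {"allow", "deny"}:
                out.append((n, "Order values must be allow and/or deny"))
            if key == "require" and args.lower().split()[:1] not in (["user"], ["group"]):
                out.append((n, "Require key must be user or group"))
        elif key == "authtype":
            if args.lower() not in ("basic", "digest"):
                out.append((n, "AuthType must be Basic or Digest"))
            elif args.lower() == "basic":
                out.append((n, "note: Basic sends the password in the clear"))
        elif key not in AUTH:
            out.append((n, f"unknown keyword {word}"))
    if in_limit:
        out.append((start, "Limit is never closed"))
    return out

# Constructed sample: Require outside the Limit block, and Deny without Order.
SAMPLE = """\
AuthType Basic
require user alice
Limit GET POST
deny from all
/Limit
"""
if __name__ == "__main__":
    print(*lint_htaccess(SAMPLE), sep="\n")
```

A misspelled keyword is reported as unknown rather than silently skipped, which matters because a dropped Require or Deny line loosens access without any visible error.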
<username>:<encrypted_password> ..
The generation of encrypted passwords is supported by the Tcl package "crypt". On Unix you can, for example, copy an entry from the "passwd"/"shadow" file to the AuthUserFile. However, since Basic authentication sends passwords in the clear, doing so can expose your system to a password sniffing attack.
The AuthGroupFile file "group" has this format:
<groupname>:<member>,<member2>,<member3>
..
Use the Access Control Editor, or start a Tcl shell and load the crypt package:
tclsh
% package require crypt
% crypt <password> <salt>
For further understanding, I copied the following text from the crypt.3c man page:
password is the input string to encrypt, for instance, a user's typed password. Only the first eight characters are used; the rest are ignored. salt is a two-character string chosen from the set [a-zA-Z0-9./]; this string is used to perturb the hashing algorithm in one of 4096 different ways, after which the input string is used as the key to repeatedly encrypt a constant string. The returned value points to the encrypted input string. The first two characters of the return value are the salt itself.