File: Authentication.html

package info (click to toggle)
cherokee 0.5.5.dfsg-2
  • links: PTS
  • area: main
  • in suites: etch, etch-m68k
  • size: 7,860 kB
  • ctags: 6,040
  • sloc: ansic: 35,724; sh: 9,372; python: 3,150; yacc: 1,427; makefile: 1,297; lex: 223; xml: 61
file content (128 lines) | stat: -rw-r--r-- 4,668 bytes parent folder | download 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
 
<html>
 <header>
     <title>Cherokee Web Server: Authentication</title>
	<style>	
	body {
		
		width: 760px; 
		margin: auto;
		font-family: 'Trebuchet MS', 'Lucida Grande', Verdana, Arial, Sans-Serif;
		font-size: small;
		padding: 10px;
	}
	
	#header {
		border-bottom: 2px solid #b00;
	}

	#toc {
		border: 
		color: #650;
		background-color: #f0e9b0;
		border: 1px solid #a99d3a;
		font-size: small;
		-moz-border-radius: 4px;
		float: right;
		margin: 4px;
	}

	#toc a {
		color: #650;
	}

	#toctitle {
		color: #fff;
		background-color: #650;
	}
	
	h1 {
		border-bottom: 1px solid #b00;
		float: right;
		border-bottom: 0px;
	}

	h2 {
		border-bottom: 1px solid #b00;
	}

	pre {
		background-color: #000;
		color: #ddd;
		padding: 5px;
	}

	#footer {
		border-top: 1px dotted #ddd;
		color: #666;
		font-size: 90%;
		padding: 10px;
		padding-bottom: 40px;
	}

/* Merge template style */

.messagebox {
   border: 1px solid #aaaaaa;
   background-color: #f9f9f9;
   width: 80%;
   margin: 0 auto 1em auto;
   padding: .2em;
   text-align: justify;
}
.messagebox.merge {
   border: 1px solid #cf9fff;
   background-color: #f5edf5;
   text-align: center;
}
.messagebox.cleanup {
   border: 1px solid #9f9fff;
   background-color: #efefff;
   text-align: center;
}
.messagebox.standard-talk {
   border: 1px solid #c0c090;
   background-color: #f8eaba;
}

	</style>
 </header>
 <body>
     <h1>Authentication</h1>
	<div id="header"><img src="cherokee.png" /></div>
	   <p>The authentication provides a mechanism to restrict the access of some resources as directories, extensions or predefined requests.  The authentication modules receive the name of <b>Validators</b>, and each one of them implements a different authentication mechanism. The scope of a validator is local to a <a href="Directory_configuration.html" title="Directory configuration">directory</a>,  <a href="Extension_configuration.html" title="Extension configuration">extension definition</a> or <a href="Request_configuration.html" title="Request configuration">request entry</a>, inside of an <a href="Behavior_configuration#Auth.html" title="Behavior configuration">Auth clause</a>.
</p><p><br />
There are two kinds of authentications:
</p>
<ul><li> <b>Basic authentication</b>: This method sends the user and password pair clear over the network, so it isn't a very safe method. It could represent a security problem is the connection isn't encrypted (HTTPS connection are completely safe though). This method is very easy to implement, so most of the programs supports it.
</li></ul>
<ul><li> <b>Digest authentication</b>: It is by far much more secure, but it is also more complex. If the clients of the server are modern browsers they won't have any problem to use this authentication method: <a href="http://en.wikipedia.org/wiki/Digest_access_authentication|" class='external text' title="http://en.wikipedia.org/wiki/Digest access authentication|" rel="nofollow">More information</a>
</li></ul>
<p><br />
Cherokee distributes a number of validators: <a href="Htpasswd_validator.html" title="Htpasswd validator">htpasswd</a>, <a href="Htdigest_validator.html" title="Htdigest validator">htdigest</a>, <a href="PAM_validator.html" title="PAM validator">PAM</a>, and a <a href="Plain_validator.html" title="Plain validator">Plain text file validator</a>. Some of these validators are only suitable for certain authentication methods:
</p>
<table cellpadding="3" align="center">
<tr><td></td><td><b>HTTP Basic</b></td><td><b>HTTP Digest</b></td></tr>
<tr><td>Plain</td><td bgcolor="#00EE00" align="center">yes</td><td bgcolor="#00ee00" align="center">yes</td></tr>
<tr><td>htpasswd</td><td bgcolor="#00EE00" align="center">yes</td><td bgcolor="#ee0000" align="center">no</td></tr>
<tr><td>htdigest</td><td bgcolor="#00EE00" align="center">yes</td><td bgcolor="#00ee00" align="center">yes</td></tr>
<tr><td>PAM</td><td bgcolor="#00EE00" align="center">yes</td><td bgcolor="#ee0000" align="center">no</td></tr>
</table>
<p><br />
</p>
<a name="User_restriction"></a><h2>User restriction</h2>
<p>One of the common features for all the validator is the user basedrestrictions.  Basically, it is possible to specify a list of users
who are allowed to authenticate with the validator.
</p>
<a name="Example"></a><h3>Example</h3>
<p>The only users allowed to access to the directory <i>/secret</i> are <i>alo</i> and <i>root</i>, it doesn't matter is the systems has a hundred users.
</p>
<pre>Directory /secret {
    Auth Basic, Digest {
        Method pam
        User alo, root
    }
}</pre>

     <div id="footer"><a href="http://www.0x50.org">Cherokee</a> Web Server</div>
 </body>
</html>