httpd-users mailing list archives

From "Zembower, Kevin" <kzemb...@jhuccp.org>
Subject [users@httpd] Suggestions for authorization on intranet?
Date Thu, 22 Jun 2006 13:26:02 GMT
I'm trying to set up an authorization system using Apache for an
internal web site. I'm having a tough time doing it and staying within
the constraints that I have. I'm hoping someone here has done this
before and can offer me some suggestions or advice.

On our organization's internal intranet website, we want to block access
to some directories based on information stored in a MySQL DB on the
server. However, I'd like to avoid requiring the user to enter another
password, or the same password, to view the protected content. I'd like
to rely on the network authentication system to authenticate the user,
and based on this authentication, allow or block the content.

I thought I had a solution in using the USERNAME environment variable
from the workstation, in conjunction with a script on the server.
However, we discovered that the USERNAME variable was easily changed and
that a user could send any USERNAME that they desired to the script.

I think that the perfect solution to this is an authentication or
authorization using LDAP. However, for policy reasons in my
organization, this can't be done. Network authentication is done through
Novell Netware 5.1 SP8, which I'm told doesn't include an LDAP server. I
haven't independently verified this. I'm not very knowledgeable about
Novell Netware. I thought the Novell eDirectory was essentially an LDAP
system, but this may not be available in Netware 5. Can anyone verify
this?

Because of other policy constraints, I'm not allowed to set up a
replacement for the network authentication system, using LDAP, and pass
the results into Netware.

The only option that I think I have is setting up a password system for
the intranet, and forcing users to enter a second password, in addition
to the network login, to access content in the protected areas.

Can anyone suggest other ways that I may have overlooked? Can you tell
me what systems are in use in your organizations to solve similar
problems?

Thanks in advance for your suggestions, advice and help.

-Kevin Zembower

