Password and Authentication

Created and donated by Bill Van Etten <vanettw@muohio.edu>


                            BASIC INFORMATION

Name: Selena Sol's Password and Authentication
Version: ?
Last Modified: 03-03-97 Bill Van Etten vanettw@muohio.edu

                               DESCRIPTION

Using Selena Sol's authentication library, it delivers the content of
secure html and perl script files to a limited list of authorized users. 

In general, place the files you wish to protect in a secure directory
(no world read, write, or execute rights), but give the world read and
execute rights to this script (auth.pl). 

By pointing a browser to this PUBLIC script (auth.pl) and giving it the
ONE PARAMETER that it needs, which is the PRIVATE filename to allow secure
entry to, the authentication library will authorize the user in accordance
with the settings in the setup file (auth.setup).  If a user passes
authentication, it echoes the input html file or requires and runs the
input perl script without users having to re-login to every page or
script. 

For example, if you have an html file called bbs.html (which is located in
a secure directory), you can allow its limited access by calling
"auth.pl?file=bbs.html". 

Or, if you have a perl script called script.pl (which is located in a
secure directory), you can allow its limited access by calling
"auth.pl?file=script.pl". 

                          COPYRIGHT INFORMATION

This application was written by Selena Sol (selena@eff.org,
http://www.eff.org/~erict) having been inspired by countless other Perl
authors.  Feel free to copy, cite, reference, sample, borrow, resell or
plagiarize the contents.  However, if you don't mind, please let me know
where it goes so that I can at least watch and take part in the
development of the memes. Information wants to be free, support public
domain freeware.  Donations are appreciated and will be spent on further
upgrades and other public domain scripts. 

Finally, PLEASE SEND WORKING URL's to selena@eff.org.  I maintain a list
of implementations around the world. 

                                 SUPPORT

This script comes with no guarantees or warranties.  I am not a
programming professional.  I am a web-hobbyist and my scripts are
continually evolving as I learn more. Don't expect the scripts to be
perfect.

Bug reports are greatly appreciated but installation support is extremely
discouraged. I have attempted to include as much information as I could
think of in this README and in the Customization and Installation FAQ
available at http://www.eff.org/~erict/Scripts/.  Please try ALL available
sources of information BEFORE you email me.  But if you must, make sure to
include the following bits of information (I may not respond to your email
if you do not answer ALL of the following questions): 

1. What type of Web server are you running?  
2. What type of Operating System is the Web server running on? 

3. What is the "exact" error message from the Web? 
4. What is the "exact" error message in your web server's error log?  
5. What is the "exact" error message you receive when running the script
       from the command line?

6. Are you running this script on an ISP?  If so, what is the email
       address of the Sysadmin there?
7. Are you using a virtual server setup?  If so, what is the root path set
       in your Web server's environment?

8. In which directory is the Perl interpreter located?
9. In which directory is sendmail located (if you are using a script which
       demands use of sendmail)?

Again, I MAY NOT ANSWER YOUR QUESTION unless you have answered all nine of
these questions.

                BASIC INSTALLATION (DOWNLOADING THE SCRIPT)

It is recommended that you point your Web browser to "Selena Sol's Script
Archive" to get the latest version of this script.  The Script Archive is
located at the following URL:

                    http://www.eff.org/~erict/Scripts/

From the "Script Archive" frontpage follow the hyperlinks to the detailed
page dedicated to this script.  Then click on the hyperlink "Download the
scripts as a single tar file".

                BASIC INSTALLATION (UNARCHIVING THE APPLICATION)

Once you have downloaded the TAR file (a single file containing all
associated files in their relative positions under the root directory),
transfer the TAR file to an executable directory on your web server and
untar it.  On UNIX systems, you may type the following at the
command line:

                          tar xvfp filename.tar

       (If you are using a non-UNIX Operating System, you may 
       download a TAR/UNTAR program by pointing your Web browser
       to http://www.shareware.com).

                 BASIC INSTALLATION (SETTING PERMISSIONS)

Your Web server must have permission to read, write or execute as needed.
Each sub-directory and file in the application has its own correct
permissions level associated with it.  Once you have unarchived (UNTAR)
the application, you must then set the correct permissions.  On UNIX
systems, you will use the "chmod" command.   The following table is a
quick guide to setting permissions for UNIX servers.

        PERMISSION      COMMAND
        rwxrwxrwx       chmod 777 filename              
        rwxrwxr-x       chmod 775 filename
        rwxr-xr-x       chmod 755 filename
        rw-rw-r--       chmod 664 filename
        rw-r--r--       chmod 644 filename

        Note: Not setting your permissions correctly is the 
        NUMBER 1 reason why installations fail.  Take time to 
        get this right.

The actual permissions required for the subdirectories and files used by
this application are listed in the next section.

         BASIC INSTALLATION (FILES, DIRECTORIES, AND PERMISSIONS)

The TAR file will expand into a directory called Authentication. 
Within, there are four files and two sub-directories.  Their location and
permission settings DO MATTER.  The script auth.pl must be readable and
executable by your web server, so place it in your cgi-bin.  It doesn't
matter where you place the Library sub-directory, but it's most useful in
your cgi-bin, so I would put it there too.  The README-INSTALLATION,
README.CHANGES files, and auth.setup can be placed wherever you want.  The
Secure-WWW subdirectory is where secure information is stored, so it's
best placed outside of your cgi-bin or WWW directories.  Use the following
permission settings for files and sub-directories, wherever you decide to
put them. 

Secure-WWW (drw-------)
   |____Sessions Sub-directory (drw-------)
   |____Users Sub-directory (drw-------)
   |       |____user.dat (-rw-------)
   |____Secure-html Sub-directory (dr--------)
   |       |____html-ex1.html (-r--------)
   |       |____html-ex2.html (-r--------)
   |____Secure-cgi Sub-directory (dr--------)      
           |____script-ex1.pl (-r--------)
           |____script-ex2.pl (-r--------)

cgi-bin
   |____Library Sub-directory (drwxr-xr-x)
   |       |____auth-extra-html.pl (-rw-r--r--)
   |       |____auth-extra-lib.pl (-rw-r--r--)
   |       |____auth-lib-fail-html.pl (-rw-r--r--)
   |       |____auth-lib.pl (-rw-r--r--)
   |       |____auth-server-lib.pl (-rw-r--r--)
   |       |____auth_fail_html.pl (-rw-r--r--)
   |       |____cgi-lib.pl (-rw-r--r--)
   |       |____cgi-lib.sol (-rw-r--r--)
   |       |____date.pl (-rw-r--r--)
   |       |____mail-lib.pl (-rw-r--r--)
   |____auth.cgi (-rwxr-xr-x)
   |____auth.setup (-rw-r--r--)
   |____README.INSTALLATION (-rw-r--r--)
   |____README.CHANGES (-rw-r--r--)
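
The layout above can be checked from the shell.  The following is an added
example, not part of Selena Sol's distribution: it lists anything under
Secure-WWW that grants group or world access, strips those bits, and
confirms the public script carries -rwxr-xr-x.  The function names and the
sample tree are constructed for illustration; the sample gives directories
mode 700 as an assumption, since a directory needs its owner execute bit to
be entered.

```shell
#!/bin/sh
# Added example: audit the permission layout this README prescribes.

# Print every entry under ROOT (ROOT included) that grants any permission to
# group or other.  Returns 0 if the tree is clean, 1 if not, 2 on bad input.
audit_secure_tree() {
    root=$1
    [ -d "$root" ] || { echo "not a directory: $root" >&2; return 2; }
    loose=$(find "$root" \( -perm -040 -o -perm -020 -o -perm -010 \
                         -o -perm -004 -o -perm -002 -o -perm -001 \) -print)
    if [ -n "$loose" ]; then
        printf '%s\n' "$loose"
        return 1
    fi
    return 0
}

# Strip all group/other bits below ROOT, leaving the owner bits untouched.
lock_down_secure_tree() {
    chmod -R go-rwx "$1"
}

# Succeed only if FILE has exactly the mode listed for the public script.
check_public_script() {
    mode=$(ls -ld "$1" | cut -c1-10)
    [ "$mode" = "-rwxr-xr-x" ]
}

# Constructed sample: a Secure-WWW tree with one deliberately loose file.
# Directories get 700 here (assumption): the owner needs the execute bit on
# a directory to enter it and reach the files inside.
build_sample_tree() {
    base=$1
    mkdir -p "$base/Secure-WWW/Users" "$base/Secure-WWW/Sessions" \
             "$base/Secure-WWW/Secure-html" "$base/cgi-bin"
    : > "$base/Secure-WWW/Users/user.dat"
    : > "$base/Secure-WWW/Secure-html/html-ex1.html"
    : > "$base/cgi-bin/auth.pl"
    chmod 700 "$base/Secure-WWW" "$base/Secure-WWW"/*
    chmod 600 "$base/Secure-WWW/Users/user.dat"
    chmod 644 "$base/Secure-WWW/Secure-html/html-ex1.html"   # too open
    chmod 755 "$base/cgi-bin/auth.pl"
}
```

Run audit_secure_tree as the account the web server's Perl scripts run
under, so the result reflects what that account can actually traverse.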

Secure-WWW is the root of the secure html files, perl scripts, session
        files, and user data.  This directory must be set to be readable
        and writable by a running Perl script.  It shouldn't have world
        access.

Sessions is a subdirectory used by the authentication
        library files to store authentication session information.  This
        directory must be set to be readable and writable by a running
        Perl script.  It shouldn't have world access.

Users is a subdirectory containing the user.dat data file used by the
        script.  The subdirectory itself must be readable and writable by
        a running Perl script.  It shouldn't have world access.

        user.dat will contain the list of all the registered users
        and their personal info.  The file must be readable and writable
        by a running Perl script.  It shouldn't have world access.

Secure-html is a subdirectory containing secure html files used by the
        script.  The subdirectory itself must be readable by Perl.
        It shouldn't have world access.

html-ex1.html and html-ex2.html are secure example html files.  These
        should be readable by Perl.  They shouldn't have world access.

Secure-cgi is a subdirectory containing secure script files used by the
        script.  The subdirectory itself must be readable by Perl.
        It shouldn't have world access.

script-ex1.pl and script-ex2.pl are secure example Perl scripts.  These
        should be readable by Perl.  They shouldn't have world access.

Library is a subdirectory containing the supporting library
        routines for this application.  The directory itself must be
        readable and executable by the web server and each of the files
        must be readable.

        Authentication libraries all begin with the prefix "auth" and are
        used to authenticate users if the admin decides to have password
        authentication.

        cgi-lib.pl is used to read and parse incoming form data and to
        provide error messages in case the script cannot open a needed
        file.

        mail-lib.pl is used to mail the sysadmin for new registrations if
        it has been configured to do so.  Make sure to set the location
        of sendmail in the first lines of the library.

auth.pl is the script that will allow authorized access to html files
        and perl scripts using the authentication libraries and must be
        set to be readable and executable by the web server.

        Within auth.pl are two variables that must be set:
        $auth_setup_path is the path to the directory containing the
        auth.setup file.
        $lib is the path to the directory containing the cgi-lib file.


auth.setup is the file used to define server specific variables and
        options.  The file must be readable by Perl and defines
        the following variables:

        $cgi-path this is the path to the directory containing the auth.pl
        script, a place where cgi scripts can be run by your http server.
        The auth.pl script should be world readable and executable.

        $secure-path this is a path to the directory containing the
        Users, Sessions, Secure-html, and Secure-cgi directories.
        Each of these directories should have no world rights.

        $auth_html_dir path to secure directory containing html files.
        
        $auth_cgi_dir path to secure directory containing cgi scripts.
        
        $auth_html_ext this is the filename extension for html files.
        
        $auth_perl_ext this is the filename extension for perl scripts.
        
        $auth_script_url is the full URL of auth.cpl.

        $auth_lib is the path to the authentication libraries.

        $auth_server asks whether or not you are using server-based
        security or CGI-based security.  If you do not know what
        server-based security is, you are most likely dealing with
        CGI-based security.  Server-based security would deal with
        ENV{'REMOTE_USER'} and you would be using the server's config
        files...  CGI-based security creates its own authentication
        routines.

        $auth_user_file is the file which contains the list of users who
        are validated to use the script.  Unless you have a problem with
        the name I've given it, you should probably not change this
        either.

        $auth_alt_user_file is a file that you can use to store
        registered users before you add them to the user database if you
        are not allowing users to add themselves instantaneously.  I don't
        use this for this script, so I left it blank...if you want users
        to first go through you before they have access, you'll need to
        set this to like temp.user.file or something like this...then
        you'll go in every now and then and cut and paste the users you
        want to validate from here to the real users file.

        $auth_default_group is the default group that you want all users
        set to when they register.  You can create different security
        levels by manually editing the user file to change this to
        something like admin...

        if $auth_add_register is on then the users will be added directly
        to the user database.  If it is off, they won't. 

        if $auth_email_register is on, you will be emailed when people
        register so that you can add them yourself.  Thus, at least one of
        the next two must be set to on.

        $auth_admin_from_address is the address of who the mail should
        come from.  This is a must.

        $auth_admin_email_address is the email of the admin who is to
        receive registration notes.
        
        $auth_session_length is the number of days that you want session
        files to be kept for before they are deleted.

        $auth_session_dir is the location of the directory which will
        temporarily hold session files.  These session files will be used
        to validate users and to keep track of their information should we
        need it.

        $auth_register_message is the message that you want to appear
        when the users are registered.


                           RUNNING THE SCRIPT

To view the four examples, begin with the URL to your auth.pl script
plus the file field in the form ?file=html-ex1.html:

http://your.domain.com/cgi-bin/auth.pl?file=html-ex1.html

When you want to give authorized access to an html file,
give the URL:

http://your.domain.com/cgi-bin/auth.pl?file=filename.html
          
Or to a perl script,
give the URL:

http://your.domain.com/cgi-bin/auth.pl?file=filename.pl

To pass the session information to another authorized html file,
from within an html document give the URL:

auth.cgi?file=filename.html&session
                        
Or from within a perl script,
give the URL:

auth.cgi?file=filename.html&session=$session

To see a working example, go to the URL:

http://www.muohio.edu/cgi/~fitcwis/auth.pl?file=html-ex1.html