Authentication under Apache (178 Views)
Reply
Honored Contributor
Jan van den Ende
Posts: 4,537
Registered: ‎12-17-2003
Message 1 of 4 (178 Views)
Accepted Solution

Authentication under Apache

Does anyone have any info about authenticating a webuser who makes a connection to my Apache server?
As far as I found so far, ALL activities via web-access are done by WWW$APACHE, which is quite hard to trace back to a certain person.
I really would like to validate the accessor against SYSUAF, and allow/restrict access by granted rightsidentifiers, but if there is only a less "clean" way I would be willing to give it serious consideration.
The reason: nowadays the VMS applications are accessed by terminal emulator, but there is a really heavy management incentive that "all" functionality should be accessable "the same way", and for that way they chose Billy's IE.
At the moment serious development pilots are underway to replaced the VMS apps by some MS & some *NIX. To me that looks like spending LOTS of money to get to a reduced functionality with less security, but one GREAT advantage: it shows nice, flashy, colored displays that impress managers better than monochrome screens in character mode (and they can better use it to impress guests).
I would like to keep the VMS stuff and spend much less money, and if I can reach just about the same flashiness, then THAT would hopefully please management even better.

Any help welcome!
Don't rust yours pelled jacker to fine doll missed aches.
HP Pro
Ian Miller.
Posts: 4,371
Registered: ‎06-03-2003
Message 2 of 4 (178 Views)

Re: Authentication under Apache

I wish you luck. If more people realised VMS can have web front ends parhaps less of them would get replaced. For V1.3 There is MOD_AUTH_VMS.
See
http://h71000.www7.hp.com/openvms/products/ips/apache/csws_install_001.html#anal_c

and especically
http://h71000.www7.hp.com/openvms/products/ips/apache/csws_install_001.html#modauthsecurity

____________________
Purely Personal Opinion
Honored Contributor
Jan van den Ende
Posts: 4,537
Registered: ‎12-17-2003
Message 3 of 4 (178 Views)

Re: Authentication under Apache

WAUW!!!!

Ian, I think I must have missed that one.

A period of excersising & testing is imminent. And then (I hope and expect) the demonstrating and all other political stuff.
Don't rust yours pelled jacker to fine doll missed aches.
Honored Contributor
Willem Grooters
Posts: 2,038
Registered: ‎05-21-2003
Message 4 of 4 (178 Views)

Re: Authentication under Apache

Jan,

My experience: This works GREAT: check against SYSUAF on username (password must be valid and non-expired, user must be non-captive, non-disuser....) and on rights_id.
I use these both. I can advise!
only point: passwords are passed as text so the site will require SSL to get it encrypted on the Internet (still working on that ;-()

Willem
Willem Grooters
OpenVMS Developer & System Manager
The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation.