Home » Archimedes archive » Acorn User » AU 1997-Xmas B.adf » PD » NetPlex/!Netplex/!Help/HTML/12-auth

NetPlex/!Netplex/!Help/HTML/12-auth

This website contains an archive of files for the Acorn Electron, BBC Micro, Acorn Archimedes, Commodore 16 and Commodore 64 computers, which Dominic Ford has rescued from his private collection of floppy disks and cassettes.

Some of these files were originally commercial releases in the 1980s and 1990s, but they are now widely available online. I assume that copyright over them is no longer being asserted. If you own the copyright and would like files to be removed, please contact me.

Tape/disk: Home » Archimedes archive » Acorn User » AU 1997-Xmas B.adf » PD
Filename: NetPlex/!Netplex/!Help/HTML/12-auth
Read OK:
File size: 15BF bytes
Load address: 0000
Exec address: 0000
File contents
<HTML>

<HEAD>
<TITLE>Netplex - Client Authentication</TITLE>
</HEAD>

<BODY TEXT="#000000" BGCOLOR="#ffffff" LINK="#004499" VLINK="#00224c" ALINK="#00cc00">

<H1><IMG SRC="images/world" ALIGN=ABSMIDDLE>  Client Authentication</H1>
<HR>

<A NAME="introduction"><H2>Introduction</H2></A>

<P>Client Authentication is the name of the standard password system for WWW servers.  It allows you to restrict the accesses to your WWW server for the purpose of keeping down its use or protecting sensitive or private data.</P>

<P>Clients who can supply a valid username and password (henceforth referred to as 'credentials') for the protected 'realm' (directory on the server) are allowed to retrieve pages from within that realm.  Clients who cannot submit valid credentials are rejected and presented with an 'Unauthorized' screen.</P>

<P>What will typically happen is that the client will try to access one of the server's pages, the server will fault the request and inform the client that it needs some credentials before continuing.  The client will then request from the user, perhaps via a dialogue box, a username and password which will be used from then on as identification when accessing the server.  The client will present these credentials to the server, which the server will check and either accept and serve the page, or reject.</P>

<P>Netplex supports Basic Authentication which is the standard authentication method.  However, Basic Authentication is not a truly secure method of transfer - the credentials are not securely encoded and the entity body is not encoded at all - you shouldn't use it for the transfer of sensitive data (e.g. Credit Card details) if you do not believe your network to be secure.</P>

<A NAME="enabling"><H2>Enabling</H2></A>

<P>To enable Client Authentication for your server, you must first decide which directories you want protected and then create a suitable Configuration file.  As an example, consider the following partial representation of a directory structure :</P>

<CENTER><P><IMG SRC="images/realms" WIDTH=281 HEIGHT=149></P></CENTER>

<P>The directories outlined in red are the ones we want to protect - they contain information for members of staff only.  The Staff directory nearest the top of the diagram is to be made available to all staff, whereas the one nearest the bottom is for Maths staff only.</P>

<A NAME="cfg-realms"></A>
<P>To protect these directories we must create a Configuration file called 'Realms' and put this in the top-level web page directory.  This file defines which directories are realms, their realm names and how they are protected.  For our example it would be as follows :</P>

<PRE><P>
# Realms file for St. Frobnitz' School WWW Server
#
Realms
/staff:Staff:StaffAuth
/subjects/maths/staff:Maths staff:MathsAuth
</P></PRE>

<P>The lines beginning with '#' are comments.  The first non-comment line, 'Realms', specifies that this configuration file defines realm properties.  Looking at the next line you can see that there are three elements, separated by ':'.  The first element '/staff' defines the directory which is to be protected, this is specified in the same format as it would be in a URL.  The next element 'Staff' defines the name of the realm, which is used by the client to differentiate realms.  The last element 'StaffAuth' is the filename of the <I>Authorisation file</I> which holds the credentials for that realm.  The filename is given relative to the root directory, so an auth file called 'German' in a directory called 'AuthFiles' would be specified as 'AuthFiles.German'.</P>

<A NAME="cfg-auth"></A>
<P>Authorisation files are the files that hold the authorised users' credentials - they contain a list of username:password pairs listing the users that are authorised to use the respective realm.  The following is an example Authorisation file :</P>

<PRE><P>
# Example Authorisation file
#
# The format is &lt;username&gt;:&lt;password&gt;
#
Authorisation
dthomas:chips
pjones:soss
jkelly:egg
jsmith:rat
</P></PRE>

<P>The lines beginning with '#' are comments.  The first non-comment line identifies the file as an Authorisation file and the remaining lines are of the format 'username:password'.</P>

<P>Once a Realm file and its associated Authorisation files have been placed in the root web page directory, you must restart Netplex.  After Netplex is back up and running, any connection attempts will be subject to the applicable authorisation controls.</P>

<A NAME="notes"><H2>Notes</H2></A>

<UL>
<LI>Client Authentication incurs a speed pentalty, as Netplex must perform matches against URLs requested and do searches through the appropriate Authorisation files.  However, in real use, this penalty is only just perceptible.  A rough guide to the speed of authentication is that when using a 4400-user file, it takes about a second to authenticate a user (on a Risc PC 600).

<LI>'/' is a valid specifier if you wish to treat the whole server as a single realm.

<LI>A maximum of four realms can be defined (contact me if you need more).

<LI>Example Realms and Authorise files are provided in the !Netplex.!Help.HTML.auth directory.  They are configured to protect the cgi-bin directory.

</UL>

<HR>

<P><CENTER>
<A HREF="11-redir"><IMG SRC="images/buttons/bak" WIDTH=32 HEIGHT=32 BORDER=0 ALT="[ Previous ]"></A>
<A HREF="index"><IMG SRC="images/buttons/up" WIDTH=32 HEIGHT=32 BORDER=0 ALT="[ Index ]"></A>
<A HREF="13-cgi"><IMG SRC="images/buttons/fwd" WIDTH=32 HEIGHT=32 BORDER=0 ALT="[ Next ]"></A>
</CENTER></P>

</BODY>

</HTML>

00000000  3c 48 54 4d 4c 3e 0a 0a  3c 48 45 41 44 3e 0a 3c  |<HTML>..<HEAD>.<|
00000010  54 49 54 4c 45 3e 4e 65  74 70 6c 65 78 20 2d 20  |TITLE>Netplex - |
00000020  43 6c 69 65 6e 74 20 41  75 74 68 65 6e 74 69 63  |Client Authentic|
00000030  61 74 69 6f 6e 3c 2f 54  49 54 4c 45 3e 0a 3c 2f  |ation</TITLE>.</|
00000040  48 45 41 44 3e 0a 0a 3c  42 4f 44 59 20 54 45 58  |HEAD>..<BODY TEX|
00000050  54 3d 22 23 30 30 30 30  30 30 22 20 42 47 43 4f  |T="#000000" BGCO|
00000060  4c 4f 52 3d 22 23 66 66  66 66 66 66 22 20 4c 49  |LOR="#ffffff" LI|
00000070  4e 4b 3d 22 23 30 30 34  34 39 39 22 20 56 4c 49  |NK="#004499" VLI|
00000080  4e 4b 3d 22 23 30 30 32  32 34 63 22 20 41 4c 49  |NK="#00224c" ALI|
00000090  4e 4b 3d 22 23 30 30 63  63 30 30 22 3e 0a 0a 3c  |NK="#00cc00">..<|
000000a0  48 31 3e 3c 49 4d 47 20  53 52 43 3d 22 69 6d 61  |H1><IMG SRC="ima|
000000b0  67 65 73 2f 77 6f 72 6c  64 22 20 41 4c 49 47 4e  |ges/world" ALIGN|
000000c0  3d 41 42 53 4d 49 44 44  4c 45 3e 20 20 43 6c 69  |=ABSMIDDLE>  Cli|
000000d0  65 6e 74 20 41 75 74 68  65 6e 74 69 63 61 74 69  |ent Authenticati|
000000e0  6f 6e 3c 2f 48 31 3e 0a  3c 48 52 3e 0a 0a 3c 41  |on</H1>.<HR>..<A|
000000f0  20 4e 41 4d 45 3d 22 69  6e 74 72 6f 64 75 63 74  | NAME="introduct|
00000100  69 6f 6e 22 3e 3c 48 32  3e 49 6e 74 72 6f 64 75  |ion"><H2>Introdu|
00000110  63 74 69 6f 6e 3c 2f 48  32 3e 3c 2f 41 3e 0a 0a  |ction</H2></A>..|
00000120  3c 50 3e 43 6c 69 65 6e  74 20 41 75 74 68 65 6e  |<P>Client Authen|
00000130  74 69 63 61 74 69 6f 6e  20 69 73 20 74 68 65 20  |tication is the |
00000140  6e 61 6d 65 20 6f 66 20  74 68 65 20 73 74 61 6e  |name of the stan|
00000150  64 61 72 64 20 70 61 73  73 77 6f 72 64 20 73 79  |dard password sy|
00000160  73 74 65 6d 20 66 6f 72  20 57 57 57 20 73 65 72  |stem for WWW ser|
00000170  76 65 72 73 2e 20 20 49  74 20 61 6c 6c 6f 77 73  |vers.  It allows|
00000180  20 79 6f 75 20 74 6f 20  72 65 73 74 72 69 63 74  | you to restrict|
00000190  20 74 68 65 20 61 63 63  65 73 73 65 73 20 74 6f  | the accesses to|
000001a0  20 79 6f 75 72 20 57 57  57 20 73 65 72 76 65 72  | your WWW server|
000001b0  20 66 6f 72 20 74 68 65  20 70 75 72 70 6f 73 65  | for the purpose|
000001c0  20 6f 66 20 6b 65 65 70  69 6e 67 20 64 6f 77 6e  | of keeping down|
000001d0  20 69 74 73 20 75 73 65  20 6f 72 20 70 72 6f 74  | its use or prot|
000001e0  65 63 74 69 6e 67 20 73  65 6e 73 69 74 69 76 65  |ecting sensitive|
000001f0  20 6f 72 20 70 72 69 76  61 74 65 20 64 61 74 61  | or private data|
00000200  2e 3c 2f 50 3e 0a 0a 3c  50 3e 43 6c 69 65 6e 74  |.</P>..<P>Client|
00000210  73 20 77 68 6f 20 63 61  6e 20 73 75 70 70 6c 79  |s who can supply|
00000220  20 61 20 76 61 6c 69 64  20 75 73 65 72 6e 61 6d  | a valid usernam|
00000230  65 20 61 6e 64 20 70 61  73 73 77 6f 72 64 20 28  |e and password (|
00000240  68 65 6e 63 65 66 6f 72  74 68 20 72 65 66 65 72  |henceforth refer|
00000250  72 65 64 20 74 6f 20 61  73 20 27 63 72 65 64 65  |red to as 'crede|
00000260  6e 74 69 61 6c 73 27 29  20 66 6f 72 20 74 68 65  |ntials') for the|
00000270  20 70 72 6f 74 65 63 74  65 64 20 27 72 65 61 6c  | protected 'real|
00000280  6d 27 20 28 64 69 72 65  63 74 6f 72 79 20 6f 6e  |m' (directory on|
00000290  20 74 68 65 20 73 65 72  76 65 72 29 20 61 72 65  | the server) are|
000002a0  20 61 6c 6c 6f 77 65 64  20 74 6f 20 72 65 74 72  | allowed to retr|
000002b0  69 65 76 65 20 70 61 67  65 73 20 66 72 6f 6d 20  |ieve pages from |
000002c0  77 69 74 68 69 6e 20 74  68 61 74 20 72 65 61 6c  |within that real|
000002d0  6d 2e 20 20 43 6c 69 65  6e 74 73 20 77 68 6f 20  |m.  Clients who |
000002e0  63 61 6e 6e 6f 74 20 73  75 62 6d 69 74 20 76 61  |cannot submit va|
000002f0  6c 69 64 20 63 72 65 64  65 6e 74 69 61 6c 73 20  |lid credentials |
00000300  61 72 65 20 72 65 6a 65  63 74 65 64 20 61 6e 64  |are rejected and|
00000310  20 70 72 65 73 65 6e 74  65 64 20 77 69 74 68 20  | presented with |
00000320  61 6e 20 27 55 6e 61 75  74 68 6f 72 69 7a 65 64  |an 'Unauthorized|
00000330  27 20 73 63 72 65 65 6e  2e 3c 2f 50 3e 0a 0a 3c  |' screen.</P>..<|
00000340  50 3e 57 68 61 74 20 77  69 6c 6c 20 74 79 70 69  |P>What will typi|
00000350  63 61 6c 6c 79 20 68 61  70 70 65 6e 20 69 73 20  |cally happen is |
00000360  74 68 61 74 20 74 68 65  20 63 6c 69 65 6e 74 20  |that the client |
00000370  77 69 6c 6c 20 74 72 79  20 74 6f 20 61 63 63 65  |will try to acce|
00000380  73 73 20 6f 6e 65 20 6f  66 20 74 68 65 20 73 65  |ss one of the se|
00000390  72 76 65 72 27 73 20 70  61 67 65 73 2c 20 74 68  |rver's pages, th|
000003a0  65 20 73 65 72 76 65 72  20 77 69 6c 6c 20 66 61  |e server will fa|
000003b0  75 6c 74 20 74 68 65 20  72 65 71 75 65 73 74 20  |ult the request |
000003c0  61 6e 64 20 69 6e 66 6f  72 6d 20 74 68 65 20 63  |and inform the c|
000003d0  6c 69 65 6e 74 20 74 68  61 74 20 69 74 20 6e 65  |lient that it ne|
000003e0  65 64 73 20 73 6f 6d 65  20 63 72 65 64 65 6e 74  |eds some credent|
000003f0  69 61 6c 73 20 62 65 66  6f 72 65 20 63 6f 6e 74  |ials before cont|
00000400  69 6e 75 69 6e 67 2e 20  20 54 68 65 20 63 6c 69  |inuing.  The cli|
00000410  65 6e 74 20 77 69 6c 6c  20 74 68 65 6e 20 72 65  |ent will then re|
00000420  71 75 65 73 74 20 66 72  6f 6d 20 74 68 65 20 75  |quest from the u|
00000430  73 65 72 2c 20 70 65 72  68 61 70 73 20 76 69 61  |ser, perhaps via|
00000440  20 61 20 64 69 61 6c 6f  67 75 65 20 62 6f 78 2c  | a dialogue box,|
00000450  20 61 20 75 73 65 72 6e  61 6d 65 20 61 6e 64 20  | a username and |
00000460  70 61 73 73 77 6f 72 64  20 77 68 69 63 68 20 77  |password which w|
00000470  69 6c 6c 20 62 65 20 75  73 65 64 20 66 72 6f 6d  |ill be used from|
00000480  20 74 68 65 6e 20 6f 6e  20 61 73 20 69 64 65 6e  | then on as iden|
00000490  74 69 66 69 63 61 74 69  6f 6e 20 77 68 65 6e 20  |tification when |
000004a0  61 63 63 65 73 73 69 6e  67 20 74 68 65 20 73 65  |accessing the se|
000004b0  72 76 65 72 2e 20 20 54  68 65 20 63 6c 69 65 6e  |rver.  The clien|
000004c0  74 20 77 69 6c 6c 20 70  72 65 73 65 6e 74 20 74  |t will present t|
000004d0  68 65 73 65 20 63 72 65  64 65 6e 74 69 61 6c 73  |hese credentials|
000004e0  20 74 6f 20 74 68 65 20  73 65 72 76 65 72 2c 20  | to the server, |
000004f0  77 68 69 63 68 20 74 68  65 20 73 65 72 76 65 72  |which the server|
00000500  20 77 69 6c 6c 20 63 68  65 63 6b 20 61 6e 64 20  | will check and |
00000510  65 69 74 68 65 72 20 61  63 63 65 70 74 20 61 6e  |either accept an|
00000520  64 20 73 65 72 76 65 20  74 68 65 20 70 61 67 65  |d serve the page|
00000530  2c 20 6f 72 20 72 65 6a  65 63 74 2e 3c 2f 50 3e  |, or reject.</P>|
00000540  0a 0a 3c 50 3e 4e 65 74  70 6c 65 78 20 73 75 70  |..<P>Netplex sup|
00000550  70 6f 72 74 73 20 42 61  73 69 63 20 41 75 74 68  |ports Basic Auth|
00000560  65 6e 74 69 63 61 74 69  6f 6e 20 77 68 69 63 68  |entication which|
00000570  20 69 73 20 74 68 65 20  73 74 61 6e 64 61 72 64  | is the standard|
00000580  20 61 75 74 68 65 6e 74  69 63 61 74 69 6f 6e 20  | authentication |
00000590  6d 65 74 68 6f 64 2e 20  20 48 6f 77 65 76 65 72  |method.  However|
000005a0  2c 20 42 61 73 69 63 20  41 75 74 68 65 6e 74 69  |, Basic Authenti|
000005b0  63 61 74 69 6f 6e 20 69  73 20 6e 6f 74 20 61 20  |cation is not a |
000005c0  74 72 75 6c 79 20 73 65  63 75 72 65 20 6d 65 74  |truly secure met|
000005d0  68 6f 64 20 6f 66 20 74  72 61 6e 73 66 65 72 20  |hod of transfer |
000005e0  2d 20 74 68 65 20 63 72  65 64 65 6e 74 69 61 6c  |- the credential|
000005f0  73 20 61 72 65 20 6e 6f  74 20 73 65 63 75 72 65  |s are not secure|
00000600  6c 79 20 65 6e 63 6f 64  65 64 20 61 6e 64 20 74  |ly encoded and t|
00000610  68 65 20 65 6e 74 69 74  79 20 62 6f 64 79 20 69  |he entity body i|
00000620  73 20 6e 6f 74 20 65 6e  63 6f 64 65 64 20 61 74  |s not encoded at|
00000630  20 61 6c 6c 20 2d 20 79  6f 75 20 73 68 6f 75 6c  | all - you shoul|
00000640  64 6e 27 74 20 75 73 65  20 69 74 20 66 6f 72 20  |dn't use it for |
00000650  74 68 65 20 74 72 61 6e  73 66 65 72 20 6f 66 20  |the transfer of |
00000660  73 65 6e 73 69 74 69 76  65 20 64 61 74 61 20 28  |sensitive data (|
00000670  65 2e 67 2e 20 43 72 65  64 69 74 20 43 61 72 64  |e.g. Credit Card|
00000680  20 64 65 74 61 69 6c 73  29 20 69 66 20 79 6f 75  | details) if you|
00000690  20 64 6f 20 6e 6f 74 20  62 65 6c 69 65 76 65 20  | do not believe |
000006a0  79 6f 75 72 20 6e 65 74  77 6f 72 6b 20 74 6f 20  |your network to |
000006b0  62 65 20 73 65 63 75 72  65 2e 3c 2f 50 3e 0a 0a  |be secure.</P>..|
000006c0  3c 41 20 4e 41 4d 45 3d  22 65 6e 61 62 6c 69 6e  |<A NAME="enablin|
000006d0  67 22 3e 3c 48 32 3e 45  6e 61 62 6c 69 6e 67 3c  |g"><H2>Enabling<|
000006e0  2f 48 32 3e 3c 2f 41 3e  0a 0a 3c 50 3e 54 6f 20  |/H2></A>..<P>To |
000006f0  65 6e 61 62 6c 65 20 43  6c 69 65 6e 74 20 41 75  |enable Client Au|
00000700  74 68 65 6e 74 69 63 61  74 69 6f 6e 20 66 6f 72  |thentication for|
00000710  20 79 6f 75 72 20 73 65  72 76 65 72 2c 20 79 6f  | your server, yo|
00000720  75 20 6d 75 73 74 20 66  69 72 73 74 20 64 65 63  |u must first dec|
00000730  69 64 65 20 77 68 69 63  68 20 64 69 72 65 63 74  |ide which direct|
00000740  6f 72 69 65 73 20 79 6f  75 20 77 61 6e 74 20 70  |ories you want p|
00000750  72 6f 74 65 63 74 65 64  20 61 6e 64 20 74 68 65  |rotected and the|
00000760  6e 20 63 72 65 61 74 65  20 61 20 73 75 69 74 61  |n create a suita|
00000770  62 6c 65 20 43 6f 6e 66  69 67 75 72 61 74 69 6f  |ble Configuratio|
00000780  6e 20 66 69 6c 65 2e 20  20 41 73 20 61 6e 20 65  |n file.  As an e|
00000790  78 61 6d 70 6c 65 2c 20  63 6f 6e 73 69 64 65 72  |xample, consider|
000007a0  20 74 68 65 20 66 6f 6c  6c 6f 77 69 6e 67 20 70  | the following p|
000007b0  61 72 74 69 61 6c 20 72  65 70 72 65 73 65 6e 74  |artial represent|
000007c0  61 74 69 6f 6e 20 6f 66  20 61 20 64 69 72 65 63  |ation of a direc|
000007d0  74 6f 72 79 20 73 74 72  75 63 74 75 72 65 20 3a  |tory structure :|
000007e0  3c 2f 50 3e 0a 0a 3c 43  45 4e 54 45 52 3e 3c 50  |</P>..<CENTER><P|
000007f0  3e 3c 49 4d 47 20 53 52  43 3d 22 69 6d 61 67 65  |><IMG SRC="image|
00000800  73 2f 72 65 61 6c 6d 73  22 20 57 49 44 54 48 3d  |s/realms" WIDTH=|
00000810  32 38 31 20 48 45 49 47  48 54 3d 31 34 39 3e 3c  |281 HEIGHT=149><|
00000820  2f 50 3e 3c 2f 43 45 4e  54 45 52 3e 0a 0a 3c 50  |/P></CENTER>..<P|
00000830  3e 54 68 65 20 64 69 72  65 63 74 6f 72 69 65 73  |>The directories|
00000840  20 6f 75 74 6c 69 6e 65  64 20 69 6e 20 72 65 64  | outlined in red|
00000850  20 61 72 65 20 74 68 65  20 6f 6e 65 73 20 77 65  | are the ones we|
00000860  20 77 61 6e 74 20 74 6f  20 70 72 6f 74 65 63 74  | want to protect|
00000870  20 2d 20 74 68 65 79 20  63 6f 6e 74 61 69 6e 20  | - they contain |
00000880  69 6e 66 6f 72 6d 61 74  69 6f 6e 20 66 6f 72 20  |information for |
00000890  6d 65 6d 62 65 72 73 20  6f 66 20 73 74 61 66 66  |members of staff|
000008a0  20 6f 6e 6c 79 2e 20 20  54 68 65 20 53 74 61 66  | only.  The Staf|
000008b0  66 20 64 69 72 65 63 74  6f 72 79 20 6e 65 61 72  |f directory near|
000008c0  65 73 74 20 74 68 65 20  74 6f 70 20 6f 66 20 74  |est the top of t|
000008d0  68 65 20 64 69 61 67 72  61 6d 20 69 73 20 74 6f  |he diagram is to|
000008e0  20 62 65 20 6d 61 64 65  20 61 76 61 69 6c 61 62  | be made availab|
000008f0  6c 65 20 74 6f 20 61 6c  6c 20 73 74 61 66 66 2c  |le to all staff,|
00000900  20 77 68 65 72 65 61 73  20 74 68 65 20 6f 6e 65  | whereas the one|
00000910  20 6e 65 61 72 65 73 74  20 74 68 65 20 62 6f 74  | nearest the bot|
00000920  74 6f 6d 20 69 73 20 66  6f 72 20 4d 61 74 68 73  |tom is for Maths|
00000930  20 73 74 61 66 66 20 6f  6e 6c 79 2e 3c 2f 50 3e  | staff only.</P>|
00000940  0a 0a 3c 41 20 4e 41 4d  45 3d 22 63 66 67 2d 72  |..<A NAME="cfg-r|
00000950  65 61 6c 6d 73 22 3e 3c  2f 41 3e 0a 3c 50 3e 54  |ealms"></A>.<P>T|
00000960  6f 20 70 72 6f 74 65 63  74 20 74 68 65 73 65 20  |o protect these |
00000970  64 69 72 65 63 74 6f 72  69 65 73 20 77 65 20 6d  |directories we m|
00000980  75 73 74 20 63 72 65 61  74 65 20 61 20 43 6f 6e  |ust create a Con|
00000990  66 69 67 75 72 61 74 69  6f 6e 20 66 69 6c 65 20  |figuration file |
000009a0  63 61 6c 6c 65 64 20 27  52 65 61 6c 6d 73 27 20  |called 'Realms' |
000009b0  61 6e 64 20 70 75 74 20  74 68 69 73 20 69 6e 20  |and put this in |
000009c0  74 68 65 20 74 6f 70 2d  6c 65 76 65 6c 20 77 65  |the top-level we|
000009d0  62 20 70 61 67 65 20 64  69 72 65 63 74 6f 72 79  |b page directory|
000009e0  2e 20 20 54 68 69 73 20  66 69 6c 65 20 64 65 66  |.  This file def|
000009f0  69 6e 65 73 20 77 68 69  63 68 20 64 69 72 65 63  |ines which direc|
00000a00  74 6f 72 69 65 73 20 61  72 65 20 72 65 61 6c 6d  |tories are realm|
00000a10  73 2c 20 74 68 65 69 72  20 72 65 61 6c 6d 20 6e  |s, their realm n|
00000a20  61 6d 65 73 20 61 6e 64  20 68 6f 77 20 74 68 65  |ames and how the|
00000a30  79 20 61 72 65 20 70 72  6f 74 65 63 74 65 64 2e  |y are protected.|
00000a40  20 20 46 6f 72 20 6f 75  72 20 65 78 61 6d 70 6c  |  For our exampl|
00000a50  65 20 69 74 20 77 6f 75  6c 64 20 62 65 20 61 73  |e it would be as|
00000a60  20 66 6f 6c 6c 6f 77 73  20 3a 3c 2f 50 3e 0a 0a  | follows :</P>..|
00000a70  3c 50 52 45 3e 3c 50 3e  0a 23 20 52 65 61 6c 6d  |<PRE><P>.# Realm|
00000a80  73 20 66 69 6c 65 20 66  6f 72 20 53 74 2e 20 46  |s file for St. F|
00000a90  72 6f 62 6e 69 74 7a 27  20 53 63 68 6f 6f 6c 20  |robnitz' School |
00000aa0  57 57 57 20 53 65 72 76  65 72 0a 23 0a 52 65 61  |WWW Server.#.Rea|
00000ab0  6c 6d 73 0a 2f 73 74 61  66 66 3a 53 74 61 66 66  |lms./staff:Staff|
00000ac0  3a 53 74 61 66 66 41 75  74 68 0a 2f 73 75 62 6a  |:StaffAuth./subj|
00000ad0  65 63 74 73 2f 6d 61 74  68 73 2f 73 74 61 66 66  |ects/maths/staff|
00000ae0  3a 4d 61 74 68 73 20 73  74 61 66 66 3a 4d 61 74  |:Maths staff:Mat|
00000af0  68 73 41 75 74 68 0a 3c  2f 50 3e 3c 2f 50 52 45  |hsAuth.</P></PRE|
00000b00  3e 0a 0a 3c 50 3e 54 68  65 20 6c 69 6e 65 73 20  |>..<P>The lines |
00000b10  62 65 67 69 6e 6e 69 6e  67 20 77 69 74 68 20 27  |beginning with '|
00000b20  23 27 20 61 72 65 20 63  6f 6d 6d 65 6e 74 73 2e  |#' are comments.|
00000b30  20 20 54 68 65 20 66 69  72 73 74 20 6e 6f 6e 2d  |  The first non-|
00000b40  63 6f 6d 6d 65 6e 74 20  6c 69 6e 65 2c 20 27 52  |comment line, 'R|
00000b50  65 61 6c 6d 73 27 2c 20  73 70 65 63 69 66 69 65  |ealms', specifie|
00000b60  73 20 74 68 61 74 20 74  68 69 73 20 63 6f 6e 66  |s that this conf|
00000b70  69 67 75 72 61 74 69 6f  6e 20 66 69 6c 65 20 64  |iguration file d|
00000b80  65 66 69 6e 65 73 20 72  65 61 6c 6d 20 70 72 6f  |efines realm pro|
00000b90  70 65 72 74 69 65 73 2e  20 20 4c 6f 6f 6b 69 6e  |perties.  Lookin|
00000ba0  67 20 61 74 20 74 68 65  20 6e 65 78 74 20 6c 69  |g at the next li|
00000bb0  6e 65 20 79 6f 75 20 63  61 6e 20 73 65 65 20 74  |ne you can see t|
00000bc0  68 61 74 20 74 68 65 72  65 20 61 72 65 20 74 68  |hat there are th|
00000bd0  72 65 65 20 65 6c 65 6d  65 6e 74 73 2c 20 73 65  |ree elements, se|
00000be0  70 61 72 61 74 65 64 20  62 79 20 27 3a 27 2e 20  |parated by ':'. |
00000bf0  20 54 68 65 20 66 69 72  73 74 20 65 6c 65 6d 65  | The first eleme|
00000c00  6e 74 20 27 2f 73 74 61  66 66 27 20 64 65 66 69  |nt '/staff' defi|
00000c10  6e 65 73 20 74 68 65 20  64 69 72 65 63 74 6f 72  |nes the director|
00000c20  79 20 77 68 69 63 68 20  69 73 20 74 6f 20 62 65  |y which is to be|
00000c30  20 70 72 6f 74 65 63 74  65 64 2c 20 74 68 69 73  | protected, this|
00000c40  20 69 73 20 73 70 65 63  69 66 69 65 64 20 69 6e  | is specified in|
00000c50  20 74 68 65 20 73 61 6d  65 20 66 6f 72 6d 61 74  | the same format|
00000c60  20 61 73 20 69 74 20 77  6f 75 6c 64 20 62 65 20  | as it would be |
00000c70  69 6e 20 61 20 55 52 4c  2e 20 20 54 68 65 20 6e  |in a URL.  The n|
00000c80  65 78 74 20 65 6c 65 6d  65 6e 74 20 27 53 74 61  |ext element 'Sta|
00000c90  66 66 27 20 64 65 66 69  6e 65 73 20 74 68 65 20  |ff' defines the |
00000ca0  6e 61 6d 65 20 6f 66 20  74 68 65 20 72 65 61 6c  |name of the real|
00000cb0  6d 2c 20 77 68 69 63 68  20 69 73 20 75 73 65 64  |m, which is used|
00000cc0  20 62 79 20 74 68 65 20  63 6c 69 65 6e 74 20 74  | by the client t|
00000cd0  6f 20 64 69 66 66 65 72  65 6e 74 69 61 74 65 20  |o differentiate |
00000ce0  72 65 61 6c 6d 73 2e 20  20 54 68 65 20 6c 61 73  |realms.  The las|
00000cf0  74 20 65 6c 65 6d 65 6e  74 20 27 53 74 61 66 66  |t element 'Staff|
00000d00  41 75 74 68 27 20 69 73  20 74 68 65 20 66 69 6c  |Auth' is the fil|
00000d10  65 6e 61 6d 65 20 6f 66  20 74 68 65 20 3c 49 3e  |ename of the <I>|
00000d20  41 75 74 68 6f 72 69 73  61 74 69 6f 6e 20 66 69  |Authorisation fi|
00000d30  6c 65 3c 2f 49 3e 20 77  68 69 63 68 20 68 6f 6c  |le</I> which hol|
00000d40  64 73 20 74 68 65 20 63  72 65 64 65 6e 74 69 61  |ds the credentia|
00000d50  6c 73 20 66 6f 72 20 74  68 61 74 20 72 65 61 6c  |ls for that real|
00000d60  6d 2e 20 20 54 68 65 20  66 69 6c 65 6e 61 6d 65  |m.  The filename|
00000d70  20 69 73 20 67 69 76 65  6e 20 72 65 6c 61 74 69  | is given relati|
00000d80  76 65 20 74 6f 20 74 68  65 20 72 6f 6f 74 20 64  |ve to the root d|
00000d90  69 72 65 63 74 6f 72 79  2c 20 73 6f 20 61 6e 20  |irectory, so an |
00000da0  61 75 74 68 20 66 69 6c  65 20 63 61 6c 6c 65 64  |auth file called|
00000db0  20 27 47 65 72 6d 61 6e  27 20 69 6e 20 61 20 64  | 'German' in a d|
00000dc0  69 72 65 63 74 6f 72 79  20 63 61 6c 6c 65 64 20  |irectory called |
00000dd0  27 41 75 74 68 46 69 6c  65 73 27 20 77 6f 75 6c  |'AuthFiles' woul|
00000de0  64 20 62 65 20 73 70 65  63 69 66 69 65 64 20 61  |d be specified a|
00000df0  73 20 27 41 75 74 68 46  69 6c 65 73 2e 47 65 72  |s 'AuthFiles.Ger|
00000e00  6d 61 6e 27 2e 3c 2f 50  3e 0a 0a 3c 41 20 4e 41  |man'.</P>..<A NA|
00000e10  4d 45 3d 22 63 66 67 2d  61 75 74 68 22 3e 3c 2f  |ME="cfg-auth"></|
00000e20  41 3e 0a 3c 50 3e 41 75  74 68 6f 72 69 73 61 74  |A>.<P>Authorisat|
00000e30  69 6f 6e 20 66 69 6c 65  73 20 61 72 65 20 74 68  |ion files are th|
00000e40  65 20 66 69 6c 65 73 20  74 68 61 74 20 68 6f 6c  |e files that hol|
00000e50  64 20 74 68 65 20 61 75  74 68 6f 72 69 73 65 64  |d the authorised|
00000e60  20 75 73 65 72 73 27 20  63 72 65 64 65 6e 74 69  | users' credenti|
00000e70  61 6c 73 20 2d 20 74 68  65 79 20 63 6f 6e 74 61  |als - they conta|
00000e80  69 6e 20 61 20 6c 69 73  74 20 6f 66 20 75 73 65  |in a list of use|
00000e90  72 6e 61 6d 65 3a 70 61  73 73 77 6f 72 64 20 70  |rname:password p|
00000ea0  61 69 72 73 20 6c 69 73  74 69 6e 67 20 74 68 65  |airs listing the|
00000eb0  20 75 73 65 72 73 20 74  68 61 74 20 61 72 65 20  | users that are |
00000ec0  61 75 74 68 6f 72 69 73  65 64 20 74 6f 20 75 73  |authorised to us|
00000ed0  65 20 74 68 65 20 72 65  73 70 65 63 74 69 76 65  |e the respective|
00000ee0  20 72 65 61 6c 6d 2e 20  20 54 68 65 20 66 6f 6c  | realm.  The fol|
00000ef0  6c 6f 77 69 6e 67 20 69  73 20 61 6e 20 65 78 61  |lowing is an exa|
00000f00  6d 70 6c 65 20 41 75 74  68 6f 72 69 73 61 74 69  |mple Authorisati|
00000f10  6f 6e 20 66 69 6c 65 20  3a 3c 2f 50 3e 0a 0a 3c  |on file :</P>..<|
00000f20  50 52 45 3e 3c 50 3e 0a  23 20 45 78 61 6d 70 6c  |PRE><P>.# Exampl|
00000f30  65 20 41 75 74 68 6f 72  69 73 61 74 69 6f 6e 20  |e Authorisation |
00000f40  66 69 6c 65 0a 23 0a 23  20 54 68 65 20 66 6f 72  |file.#.# The for|
00000f50  6d 61 74 20 69 73 20 26  6c 74 3b 75 73 65 72 6e  |mat is &lt;usern|
00000f60  61 6d 65 26 67 74 3b 3a  26 6c 74 3b 70 61 73 73  |ame&gt;:&lt;pass|
00000f70  77 6f 72 64 26 67 74 3b  0a 23 0a 41 75 74 68 6f  |word&gt;.#.Autho|
00000f80  72 69 73 61 74 69 6f 6e  0a 64 74 68 6f 6d 61 73  |risation.dthomas|
00000f90  3a 63 68 69 70 73 0a 70  6a 6f 6e 65 73 3a 73 6f  |:chips.pjones:so|
00000fa0  73 73 0a 6a 6b 65 6c 6c  79 3a 65 67 67 0a 6a 73  |ss.jkelly:egg.js|
00000fb0  6d 69 74 68 3a 72 61 74  0a 3c 2f 50 3e 3c 2f 50  |mith:rat.</P></P|
00000fc0  52 45 3e 0a 0a 3c 50 3e  54 68 65 20 6c 69 6e 65  |RE>..<P>The line|
00000fd0  73 20 62 65 67 69 6e 6e  69 6e 67 20 77 69 74 68  |s beginning with|
00000fe0  20 27 23 27 20 61 72 65  20 63 6f 6d 6d 65 6e 74  | '#' are comment|
00000ff0  73 2e 20 20 54 68 65 20  66 69 72 73 74 20 6e 6f  |s.  The first no|
00001000  6e 2d 63 6f 6d 6d 65 6e  74 20 6c 69 6e 65 20 69  |n-comment line i|
00001010  64 65 6e 74 69 66 69 65  73 20 74 68 65 20 66 69  |dentifies the fi|
00001020  6c 65 20 61 73 20 61 6e  20 41 75 74 68 6f 72 69  |le as an Authori|
00001030  73 61 74 69 6f 6e 20 66  69 6c 65 20 61 6e 64 20  |sation file and |
00001040  74 68 65 20 72 65 6d 61  69 6e 69 6e 67 20 6c 69  |the remaining li|
00001050  6e 65 73 20 61 72 65 20  6f 66 20 74 68 65 20 66  |nes are of the f|
00001060  6f 72 6d 61 74 20 27 75  73 65 72 6e 61 6d 65 3a  |ormat 'username:|
00001070  70 61 73 73 77 6f 72 64  27 2e 3c 2f 50 3e 0a 0a  |password'.</P>..|
00001080  3c 50 3e 4f 6e 63 65 20  61 20 52 65 61 6c 6d 20  |<P>Once a Realm |
00001090  66 69 6c 65 20 61 6e 64  20 69 74 73 20 61 73 73  |file and its ass|
000010a0  6f 63 69 61 74 65 64 20  41 75 74 68 6f 72 69 73  |ociated Authoris|
000010b0  61 74 69 6f 6e 20 66 69  6c 65 73 20 68 61 76 65  |ation files have|
000010c0  20 62 65 65 6e 20 70 6c  61 63 65 64 20 69 6e 20  | been placed in |
000010d0  74 68 65 20 72 6f 6f 74  20 77 65 62 20 70 61 67  |the root web pag|
000010e0  65 20 64 69 72 65 63 74  6f 72 79 2c 20 79 6f 75  |e directory, you|
000010f0  20 6d 75 73 74 20 72 65  73 74 61 72 74 20 4e 65  | must restart Ne|
00001100  74 70 6c 65 78 2e 20 20  41 66 74 65 72 20 4e 65  |tplex.  After Ne|
00001110  74 70 6c 65 78 20 69 73  20 62 61 63 6b 20 75 70  |tplex is back up|
00001120  20 61 6e 64 20 72 75 6e  6e 69 6e 67 2c 20 61 6e  | and running, an|
00001130  79 20 63 6f 6e 6e 65 63  74 69 6f 6e 20 61 74 74  |y connection att|
00001140  65 6d 70 74 73 20 77 69  6c 6c 20 62 65 20 73 75  |empts will be su|
00001150  62 6a 65 63 74 20 74 6f  20 74 68 65 20 61 70 70  |bject to the app|
00001160  6c 69 63 61 62 6c 65 20  61 75 74 68 6f 72 69 73  |licable authoris|
00001170  61 74 69 6f 6e 20 63 6f  6e 74 72 6f 6c 73 2e 3c  |ation controls.<|
00001180  2f 50 3e 0a 0a 3c 41 20  4e 41 4d 45 3d 22 6e 6f  |/P>..<A NAME="no|
00001190  74 65 73 22 3e 3c 48 32  3e 4e 6f 74 65 73 3c 2f  |tes"><H2>Notes</|
000011a0  48 32 3e 3c 2f 41 3e 0a  0a 3c 55 4c 3e 0a 3c 4c  |H2></A>..<UL>.<L|
000011b0  49 3e 43 6c 69 65 6e 74  20 41 75 74 68 65 6e 74  |I>Client Authent|
000011c0  69 63 61 74 69 6f 6e 20  69 6e 63 75 72 73 20 61  |ication incurs a|
000011d0  20 73 70 65 65 64 20 70  65 6e 74 61 6c 74 79 2c  | speed pentalty,|
000011e0  20 61 73 20 4e 65 74 70  6c 65 78 20 6d 75 73 74  | as Netplex must|
000011f0  20 70 65 72 66 6f 72 6d  20 6d 61 74 63 68 65 73  | perform matches|
00001200  20 61 67 61 69 6e 73 74  20 55 52 4c 73 20 72 65  | against URLs re|
00001210  71 75 65 73 74 65 64 20  61 6e 64 20 64 6f 20 73  |quested and do s|
00001220  65 61 72 63 68 65 73 20  74 68 72 6f 75 67 68 20  |earches through |
00001230  74 68 65 20 61 70 70 72  6f 70 72 69 61 74 65 20  |the appropriate |
00001240  41 75 74 68 6f 72 69 73  61 74 69 6f 6e 20 66 69  |Authorisation fi|
00001250  6c 65 73 2e 20 20 48 6f  77 65 76 65 72 2c 20 69  |les.  However, i|
00001260  6e 20 72 65 61 6c 20 75  73 65 2c 20 74 68 69 73  |n real use, this|
00001270  20 70 65 6e 61 6c 74 79  20 69 73 20 6f 6e 6c 79  | penalty is only|
00001280  20 6a 75 73 74 20 70 65  72 63 65 70 74 69 62 6c  | just perceptibl|
00001290  65 2e 20 20 41 20 72 6f  75 67 68 20 67 75 69 64  |e.  A rough guid|
000012a0  65 20 74 6f 20 74 68 65  20 73 70 65 65 64 20 6f  |e to the speed o|
000012b0  66 20 61 75 74 68 65 6e  74 69 63 61 74 69 6f 6e  |f authentication|
000012c0  20 69 73 20 74 68 61 74  20 77 68 65 6e 20 75 73  | is that when us|
000012d0  69 6e 67 20 61 20 34 34  30 30 2d 75 73 65 72 20  |ing a 4400-user |
000012e0  66 69 6c 65 2c 20 69 74  20 74 61 6b 65 73 20 61  |file, it takes a|
000012f0  62 6f 75 74 20 61 20 73  65 63 6f 6e 64 20 74 6f  |bout a second to|
00001300  20 61 75 74 68 65 6e 74  69 63 61 74 65 20 61 20  | authenticate a |
00001310  75 73 65 72 20 28 6f 6e  20 61 20 52 69 73 63 20  |user (on a Risc |
00001320  50 43 20 36 30 30 29 2e  0a 0a 3c 4c 49 3e 27 2f  |PC 600)...<LI>'/|
00001330  27 20 69 73 20 61 20 76  61 6c 69 64 20 73 70 65  |' is a valid spe|
00001340  63 69 66 69 65 72 20 69  66 20 79 6f 75 20 77 69  |cifier if you wi|
00001350  73 68 20 74 6f 20 74 72  65 61 74 20 74 68 65 20  |sh to treat the |
00001360  77 68 6f 6c 65 20 73 65  72 76 65 72 20 61 73 20  |whole server as |
00001370  61 20 73 69 6e 67 6c 65  20 72 65 61 6c 6d 2e 0a  |a single realm..|
00001380  0a 3c 4c 49 3e 41 20 6d  61 78 69 6d 75 6d 20 6f  |.<LI>A maximum o|
00001390  66 20 66 6f 75 72 20 72  65 61 6c 6d 73 20 63 61  |f four realms ca|
000013a0  6e 20 62 65 20 64 65 66  69 6e 65 64 20 28 63 6f  |n be defined (co|
000013b0  6e 74 61 63 74 20 6d 65  20 69 66 20 79 6f 75 20  |ntact me if you |
000013c0  6e 65 65 64 20 6d 6f 72  65 29 2e 0a 0a 3c 4c 49  |need more)...<LI|
000013d0  3e 45 78 61 6d 70 6c 65  20 52 65 61 6c 6d 73 20  |>Example Realms |
000013e0  61 6e 64 20 41 75 74 68  6f 72 69 73 65 20 66 69  |and Authorise fi|
000013f0  6c 65 73 20 61 72 65 20  70 72 6f 76 69 64 65 64  |les are provided|
00001400  20 69 6e 20 74 68 65 20  21 4e 65 74 70 6c 65 78  | in the !Netplex|
00001410  2e 21 48 65 6c 70 2e 48  54 4d 4c 2e 61 75 74 68  |.!Help.HTML.auth|
00001420  20 64 69 72 65 63 74 6f  72 79 2e 20 20 54 68 65  | directory.  The|
00001430  79 20 61 72 65 20 63 6f  6e 66 69 67 75 72 65 64  |y are configured|
00001440  20 74 6f 20 70 72 6f 74  65 63 74 20 74 68 65 20  | to protect the |
00001450  63 67 69 2d 62 69 6e 20  64 69 72 65 63 74 6f 72  |cgi-bin director|
00001460  79 2e 0a 0a 3c 2f 55 4c  3e 0a 0a 3c 48 52 3e 0a  |y...</UL>..<HR>.|
00001470  0a 3c 50 3e 3c 43 45 4e  54 45 52 3e 0a 3c 41 20  |.<P><CENTER>.<A |
00001480  48 52 45 46 3d 22 31 31  2d 72 65 64 69 72 22 3e  |HREF="11-redir">|
00001490  3c 49 4d 47 20 53 52 43  3d 22 69 6d 61 67 65 73  |<IMG SRC="images|
000014a0  2f 62 75 74 74 6f 6e 73  2f 62 61 6b 22 20 57 49  |/buttons/bak" WI|
000014b0  44 54 48 3d 33 32 20 48  45 49 47 48 54 3d 33 32  |DTH=32 HEIGHT=32|
000014c0  20 42 4f 52 44 45 52 3d  30 20 41 4c 54 3d 22 5b  | BORDER=0 ALT="[|
000014d0  20 50 72 65 76 69 6f 75  73 20 5d 22 3e 3c 2f 41  | Previous ]"></A|
000014e0  3e 0a 3c 41 20 48 52 45  46 3d 22 69 6e 64 65 78  |>.<A HREF="index|
000014f0  22 3e 3c 49 4d 47 20 53  52 43 3d 22 69 6d 61 67  |"><IMG SRC="imag|
00001500  65 73 2f 62 75 74 74 6f  6e 73 2f 75 70 22 20 57  |es/buttons/up" W|
00001510  49 44 54 48 3d 33 32 20  48 45 49 47 48 54 3d 33  |IDTH=32 HEIGHT=3|
00001520  32 20 42 4f 52 44 45 52  3d 30 20 41 4c 54 3d 22  |2 BORDER=0 ALT="|
00001530  5b 20 49 6e 64 65 78 20  5d 22 3e 3c 2f 41 3e 0a  |[ Index ]"></A>.|
00001540  3c 41 20 48 52 45 46 3d  22 31 33 2d 63 67 69 22  |<A HREF="13-cgi"|
00001550  3e 3c 49 4d 47 20 53 52  43 3d 22 69 6d 61 67 65  |><IMG SRC="image|
00001560  73 2f 62 75 74 74 6f 6e  73 2f 66 77 64 22 20 57  |s/buttons/fwd" W|
00001570  49 44 54 48 3d 33 32 20  48 45 49 47 48 54 3d 33  |IDTH=32 HEIGHT=3|
00001580  32 20 42 4f 52 44 45 52  3d 30 20 41 4c 54 3d 22  |2 BORDER=0 ALT="|
00001590  5b 20 4e 65 78 74 20 5d  22 3e 3c 2f 41 3e 0a 3c  |[ Next ]"></A>.<|
000015a0  2f 43 45 4e 54 45 52 3e  3c 2f 50 3e 0a 0a 3c 2f  |/CENTER></P>..</|
000015b0  42 4f 44 59 3e 0a 0a 3c  2f 48 54 4d 4c 3e 0a     |BODY>..</HTML>.|
000015bf

© Dominic Ford 2021–2025.

Our privacy policy is here.
Last updated: 01 May 2025, 21:49 UTC
Website designed by .