[ Pobierz całość w formacie PDF ]
." Finally, the require valid-userdirective tells Apache to only allowaccess for those users who pass the authentication test. e4821-2 ch07.F 2/22/02 10:12 AM Page 204Part II &' Web Site Administration20410.You can restart the Apache server by using the /usr/local/apache/bin/apachectl restartcommand and can try accessing the http://your_server_name/memberonlydirectory to see if you can access the direc-tory with invalid usernames and passwords.If you enter a valid username andpassword, you should be authenticated.Managing Users and Groups in Any RDBMManaging users and groups in a database by hand is very cumbersome.Thankfully,you don t have to deal with such tasks.You can use a set of Perl scripts to handlethese chores quite efficiently.Here is how.1.You will need to install the DBI package and the appropriate DBD::databasemodules from the Comprehensive Perl Archive Network (CPAN).For example,if you installed MySQL database, as the root user you can install the DBI andDBD modules from the command-line as follows:perl -MCPAN -e  install DBIperl -MCPAN -e  install DBD::mysql2.Check whether you have two CPAN modules called HTTPD::UserAdminandHTTPD::GroupAdminin your installed Perl distribution.You can run thelocateUserAdmin.pmand locate GroupAdmin.pmcommands to determinewhether you have them.Typically, these two modules are installed as part ofthe standard distribution.For example, on my system these modules appearas follows:/usr/lib/perl5/site_perl/5.6.0/HTTPD/UserAdmin.pm/usr/lib/perl5/site_perl/5.6.0/HTTPD/GroupAdmin.pmIf you don t have one or both of the modules, install them as follows: as rootdownload the HTTPD::UserAdminand HTTPD::GroupAdminCPAN modulesfrom CPAN.On a Linux system you can simply run the following commands toinstall them:perl -MCPAN -e  install HTTPD::UserAdminperl -MCPAN -e  install HTTPD::GroupAdminTipYou might want to install the HTTPD::Tools package because it includes thetwo modules as well as other modules that are useful for Web servers in general.3.Copy the manage_users.plscript from the companion CD-ROM to /usr/bindirectory (see the CD Appendix for information on where to find /usr/bin).Change the file permission to allow you to run it.Set the permission usingchmod 750 /usr/bin/manage_users.plcommand.4.Use your favorite text editor to modify the following lines of the script.my $DB_HOST =  localhost ;my $DB_PORT =   ;my $DATABASE =  auth ;my $DB_DRIVER =  mysql ; e4821-2 ch07.F 2/22/02 10:12 AM Page 205Chapter 7 &' Authenticating and Authorizing Web Site Visitors205my $DB_USER =  kabir ;my $DB_PASSWORD = $dbpwd;my $ENCRYPTION =  crypt ;my $USER_TABLE =  wwwusers ;my $USERNAME_FIELD =  username ,my $PASSWORD_FIELD =  passwd ,my $GROUP_TABLE =  wwwgroups ;my $GROUP_FIELD =  groupname ;my $MAXSZ_USER = 40;my $MAXSZ_PWD = 20;my $MAXSZ_GRP = 40;In the above code, you need to set the following variables:" The $DB_HOSTvariable should be set to the database server you wantto connect to.If the database server is on the same machine as the Webserver, the default value  localhost can be left alone." The $DB_PORTvariable should be set to the database server port.Bydefault, the port is automatically selected unless you have used anuntraditional port on the database server for client connection." The $DATABASEvariable should be set to the database name.The defaultdatabase name is  auth and will only work if you have followedinstructions in earlier sections." The $DB_DRIVERvariable should be set to the database driver you needto connect to the database server.For MySQL database server thisdriver is called mysqland therefore the default will only work if you areusing a MySQL database." The $DB_USERvariable should be set to the user who has been grantedaccess to create, modify, or delete records in the $DATABASE-specifiedtables.See Granting Apache Server Access to the User-AuthenticationDatabase in MySQL earlier in this chapter, to know about how you cangrant a user access to a MySQL database." The $DB_PASSWORDis intentionally not stored in the script to enhancesecurity.You must provide the password needed to access the databaseusing the command-line option -dbpwd=database_passwordwheneveryou run the manage_users.plscript.You can hard code a password,but I recommend removing the hard coded password after you are donewith the script." The $ENCRYPTIONvariable can be set to none, crypt(default), or MD5.When set to none, passwords are stored in plain-text; when cryptisused, passwords are encrypted with the one-way hashing algorithm usedin traditional Unix environment; when MD5is used, password is stored asa message digest (MD5) value." The $USER_TABLEvariable should be set to the user table in yourdatabase.This table must have $USERNAME_FIELD-specified usernamefield and also the $PASSWORD_FIELD-specified password field. e4821-2 ch07.F 2/22/02 10:12 AM Page 206Part II &' Web Site Administration206" The $GROUP_TABLEvariable should be set to the group table in yourdatabase.This table must have the $USERNAME_FIELD-specified username field and also the $GROUP_FIELD-specified group name field." The maximum size of the $USERNAME_FIELDis set using $MAXSZ_USERfield, which should correspond to what you have used in the$USER_TABLEcreation process.The $PASSWORD_FIELDsize is controlledin a similar manner by using the $MAXSZ_PWDfield.Finally, the$GROUP_FIELDsize is controlled using $MAXSZ_GRPfield.5.Save the changes.Adding a new user to the user tableTo add a new user to the user table run the following command:manage_user.pl -db=user \-action=add \-user=user_name \-password=user_password \-dbpwd=database_passwordFor example, to add a user named kabirwith user password go#forwardyou canrun the following commandmanage_user.pl -db=user \-action=add \-user=kabir \-password=go#forward \-dbpwd=mydbpwdNote that here the mydbpwdis the database password needed to write to thedatabase.Removing an existing user from the user tableTo remove a user from the user and group table run the following command:manage_user.pl -db=user \-action=del \-user=user_name \-dbpwd=database_password \-auto=onFor example, to delete a user named kabirfrom the user and group tables usinga database access password mydbpwdyou can run the following command:manage_user.pl -db=user \-action=del \-user=kabir \-dbpwd=mydbpwd \-auto=on e4821-2 ch07.F 2/22/02 10:12 AM Page 207Chapter 7 &' Authenticating and Authorizing Web Site Visitors207TipSetting the -auto option ensures that user is removed from all the groups in thegroup table [ Pobierz całość w formacie PDF ]

  • zanotowane.pl
  • doc.pisz.pl
  • pdf.pisz.pl
  • higrostat.htw.pl
  •