https://community.hpe.com/t5/operating-system-openvms/authentication-under-apache/m-p/3183606#M29082 Does anyone have any info about authenticating a webuser who makes a connection to my Apache server?<BR />As far as I found so far, ALL activities via web-access are done by WWW$APACHE, which is quite hard to trace back to a certain person.<BR />I really would like to validate the accessor against SYSUAF, and allow/restrict access by granted rightsidentifiers, but if there is only a less "clean" way I would be willing to give it serious consideration.<BR />The reason: nowadays the VMS applications are accessed by terminal emulator, but there is a really heavy management incentive that "all" functionality should be accessable "the same way", and for that way they chose Billy's IE.<BR />At the moment serious development pilots are underway to replaced the VMS apps by some MS &amp; some *NIX. To me that looks like spending LOTS of money to get to a reduced functionality with less security, but one GREAT advantage: it shows nice, flashy, colored displays that impress managers better than monochrome screens in character mode (and they can better use it to impress guests). <BR />I would like to keep the VMS stuff and spend much less money, and if I can reach just about the same flashiness, then THAT would hopefully please management even better.<BR /><BR />Any help welcome! Thu, 05 Feb 2004 03:01:03 GMT Jan van den Ende 2004-02-05T03:01:03Z https://community.hpe.com/t5/operating-system-openvms/authentication-under-apache/m-p/3183606#M29082 Does anyone have any info about authenticating a webuser who makes a connection to my Apache server?<BR />As far as I found so far, ALL activities via web-access are done by WWW$APACHE, which is quite hard to trace back to a certain person.<BR />I really would like to validate the accessor against SYSUAF, and allow/restrict access by granted rightsidentifiers, but if there is only a less "clean" way I would be willing to give it serious consideration.<BR />The reason: nowadays the VMS applications are accessed by terminal emulator, but there is a really heavy management incentive that "all" functionality should be accessable "the same way", and for that way they chose Billy's IE.<BR />At the moment serious development pilots are underway to replaced the VMS apps by some MS &amp; some *NIX. To me that looks like spending LOTS of money to get to a reduced functionality with less security, but one GREAT advantage: it shows nice, flashy, colored displays that impress managers better than monochrome screens in character mode (and they can better use it to impress guests). <BR />I would like to keep the VMS stuff and spend much less money, and if I can reach just about the same flashiness, then THAT would hopefully please management even better.<BR /><BR />Any help welcome! Thu, 05 Feb 2004 03:01:03 GMT https://community.hpe.com/t5/operating-system-openvms/authentication-under-apache/m-p/3183606#M29082 Jan van den Ende 2004-02-05T03:01:03Z https://community.hpe.com/t5/operating-system-openvms/authentication-under-apache/m-p/3183607#M29083 I wish you luck. If more people realised VMS can have web front ends parhaps less of them would get replaced. For V1.3 There is MOD_AUTH_VMS.<BR />See<BR /><A href="http://h71000.www7.hp.com/openvms/products/ips/apache/csws_install_001.html#anal_c" target="_blank">http://h71000.www7.hp.com/openvms/products/ips/apache/csws_install_001.html#anal_c</A><BR /><BR />and especically<BR /><A href="http://h71000.www7.hp.com/openvms/products/ips/apache/csws_install_001.html#modauthsecurity" target="_blank">http://h71000.www7.hp.com/openvms/products/ips/apache/csws_install_001.html#modauthsecurity</A><BR /><BR /> Thu, 05 Feb 2004 04:31:01 GMT https://community.hpe.com/t5/operating-system-openvms/authentication-under-apache/m-p/3183607#M29083 Ian Miller. 2004-02-05T04:31:01Z https://community.hpe.com/t5/operating-system-openvms/authentication-under-apache/m-p/3183608#M29084 WAUW!!!!<BR /><BR />Ian, I think I must have missed that one.<BR /><BR />A period of excersising &amp; testing is imminent. And then (I hope and expect) the demonstrating and all other political stuff. Thu, 05 Feb 2004 04:56:20 GMT https://community.hpe.com/t5/operating-system-openvms/authentication-under-apache/m-p/3183608#M29084 Jan van den Ende 2004-02-05T04:56:20Z https://community.hpe.com/t5/operating-system-openvms/authentication-under-apache/m-p/3183609#M29085 Jan,<BR /><BR />My experience: This works GREAT: check against SYSUAF on username (password must be valid and non-expired, user must be non-captive, non-disuser....) and on rights_id. <BR />I use these both. I can advise!<BR />only point: passwords are passed as text so the site will require SSL to get it encrypted on the Internet (still working on that ;-()<BR /><BR />Willem<BR /> Fri, 06 Feb 2004 14:42:05 GMT https://community.hpe.com/t5/operating-system-openvms/authentication-under-apache/m-p/3183609#M29085 Willem Grooters 2004-02-06T14:42:05Z