HPE Community
Operating System - OpenVMS
1754368 Members
4682 Online
108813 Solutions
New Discussion юеВ

Re: apache openvms username verification

 
Marco van der Sijpt
New Member

тАО07-29-2004 09:44 PM

тАО07-29-2004 09:44 PM

apache openvms username verification

I'm a dutch system manager trying to figure out how to verify access on certain directories on disks. I can verify the username through the openvmsmodule / apache combination but once I try to verify access on certain directories by means of the www_remote_user symbol I get failures. Can anyone tell me how I can get the www_* symbols into the process context.
Please send response also to:
kees.tok@mw-brabant.politie.nl
0 Kudos
Reply
4 REPLIES 4
Martin Vorlaender
Honored Contributor

тАО07-30-2004 01:53 AM

тАО07-30-2004 01:53 AM

Re: apache openvms username verification

AFAIK, the www_ prefix is not used with Apache. Try REMOTE_USER instead.

cu,
Martin
0 Kudos
Reply
Martin P.J. Zinser
Honored Contributor

тАО07-31-2004 12:16 PM

тАО07-31-2004 12:16 PM

Re: apache openvms username verification

Hi Marco,

have a look at the

[.APACHE.CGI-BIN]TEST-CGI-VMS.COM that comes with the distribution. This will show most of the variables set by Apache (REMOTE_USER is not in there since it is only set if you have an authenticated user I assume). Especially note that environment settings are not prefixed with
WWW_* like they are e.g. for the OSU server.

Greetings, Martin
0 Kudos
Reply
Robert Atkinson
Respected Contributor

тАО08-01-2004 08:48 PM

тАО08-01-2004 08:48 PM

Re: apache openvms username verification

Marco - you will need something like this in you HTTPD.CONF file :-


Options -Indexes Includes FollowSymLinks Multiviews
AllowOverride None
AuthType Basic
AuthName "WebReport Logon"
AuthOpenVMSGroup Off
AuthOpenVMSAuthoritative On
AuthUserOpenVMS On
require valid-user
Order deny,allow
Deny from all
Allow from all


You mau also need to load it as a module :-

LoadModule auth_openvms_module /apache$common/modules/mod_auth_openvms.exe_alpha


While I'm at it, you can also do a neet trick of authenticating against UAF and a file :-


Options -Indexes Includes FollowSymLinks Multiviews
AllowOverride None
AuthType Basic
AuthName "Web-CMS Logon"
AuthOpenVMSAuthoritative On
AuthOpenVMSGroup off
AuthGroupFile /cms$data/cms_group.prot
AuthOpenVMSUser On
require group cmsusers
Order deny,allow
Deny from all
Allow from all


You then simply create a file, in this case cms$data:cms_group.prot and place the usernames in against the group:-

cmsusers: MFM mfm NZC nzc DZL dzl DHU dhu CML cml

The reason for upper and lowercase is that Apache is case-sensitive, so I capture both logins.

Hope this helps, Rob.
0 Kudos
Reply
Robert Atkinson
Respected Contributor

тАО08-01-2004 08:52 PM

тАО08-01-2004 08:52 PM

Re: apache openvms username verification

Slightly midread your original request, although the answer I gave will give you directory level authentication.

Here is some code I use for checking authentication for specific usernames, based on REMOTE_USER :-


$ DCL "CHECK_PRIV.COM"
$!
$!------------------------------------------------------------------------------
$! AUTHOR: Robert Atkinson - January 2003
$! VERSION: 3.0
$!------------------------------------------------------------------------------
$! DESCRIPTION: Module to check and return privilege levels for a specific user.
$!------------------------------------------------------------------------------
$! RUN FREQUENCY :
$! PRERUN REQUISITES :
$! RERUN PROCEDURE :
$! SPECIAL NOTE :
$! PARAMETERS : P1 = REQUIRED_LEVEL (USER/MANAGER)
$! P2 = OVERRIDE - STOP ERROR MESSAGES BEING OUTPUT
$!------------------------------------------------------------------------------
$! AMENDMENT LOG:
$! Date Oper Reason
$!------------------------------------------------------------------------------
$!
$ SET ON
$ ON ERROR THEN GOTO ERROR
$ !
$ REQUIRED_LEVEL = "''P1'"
$ OVERRIDE = "''P2'"
$ !
$START:
$ CMS$ACTION = "FALSE"
$ !
$ CMS$PRIV_MANAGER == "FALSE"
$ CMS$PRIV_USER == "FALSE"
$ !
$VERIFY_PRIV:
$ CMS$ACTION = "FALSE"
$ !
$ DEFINE SYS$OUTPUT SYS$TEMP:CMS_UAF_'PRCPID'.TMP
$ UAF SH 'REMOTE_USER'
$ DEASS SYS$OUTPUT
$ !
$CHECK_MANAGER:
$ @OPS$COM_FILES:EXTRACT_REPORT_LINE SYS$TEMP:CMS_UAF_'PRCPID'.TMP " CMS_MANAGER " 0
$ !
$ IF EXTRACTED_LINE .EQS. "STRINGNOTFOUND"
$ THEN
$ IF REQUIRED_LEVEL .EQS. "MANAGER" THEN GOSUB DISPLAY_ERROR_MESSAGE
$ ELSE
$ CMS$PRIV_MANAGER == "TRUE"
$ ENDIF
$ !
$CHECK_USER:
$ @OPS$COM_FILES:EXTRACT_REPORT_LINE SYS$TEMP:CMS_UAF_'PRCPID'.TMP " CMS_USER " 0
$ !
$ IF EXTRACTED_LINE .EQS. "STRINGNOTFOUND"
$ THEN
$ IF REQUIRED_LEVEL .EQS. "USER" THEN GOSUB DISPLAY_ERROR_MESSAGE
$ ELSE
$ CMS$PRIV_USER == "TRUE"
$ ENDIF
$ !
$ DEL /NOLOG SYS$TEMP:CMS_UAF_'PRCPID'.TMP;*
$ !
$ GOTO END
$ !



$DISPLAY_ERROR_MESSAGE:
$ IF OVERRIDE .EQS. "OVERRIDE" THEN GOTO END_DISPLAY_ERROR_MESSAGE
$ !
$ @CMS$SYSTEM:SHOW_OWNER
$ !
$ WS "Web-CMS - Privilege Error"
$ !
$ WS "<meta content="" 2="" />"
$ WS ""
$ WS ""
$ WS "



"
$ WS "

You do not have the required privilege to use this option!!!

"
$ WS ""
$ !
$END_DISPLAY_ERROR_MESSAGE:
$ RETURN
$ GOTO ERROR
$ !





$END:
$ EXIT %X00001
$ !
$ERROR:
$ ERRORMOD CHECK_PRIV ERROR "CHECK_PRIV HAS BLOWN OUT - PLEASE INVESTIGATE"
$ !
$ DEASS SYS$OUTPUT
$ !
$ EXIT %X00004
$ !
$ !
$ !
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.