Lab Notes:
Experimental host:192.168.1.11
1. Configure httpd User-based access control ----Basic Authentication mechanism
(1) installing httpd program, and start the service
#yum install Httpd–y[[email protected] ~]# servicehttpd startstarting httpd:httpd:Could not reliably determine the server ' s fully qualified domain name,using 172.16.33.1 for ServerName [ OK][[email protected] ~]# SS–TNL
(2 ) Define the security domain in the configuration file
(a) Modify The path of ' Mainserver ' to/data/web/htmland perform an access test
#vim/etc/httpd/conf/httpd.conf ... documentroot "/data/web/html" .... # Mkdir/data/web/html-pv[[email protected] ~)------- # Cd/data/web/html/[[email protected] HTML #vim index.html add:
in the browser, enter: http://192.168.1.11/ , Access testing
(b) in /data/web/html/ Add a directory employee , and encapsulate the Directory To enable the authentication of this directory for basic Implementation of the mechanism, Authenticated users Tom ,Jerry
# mkdir/data/web/html/employee# cd/data/web/html/employee[[email protected] employee]# vimindex.html Tom 21 Jerry 90 #vim/etc/httpd/conf/httpd.conf ..... Add directory, access control to the directory ............<directory "/data/web/html/employee" > Options None AllowOverride None AuthType basic authname "it is only foremployee!!" AuthUserFile /etc/httpd/users/.htpasswd Require user tom jerry</Directory>................[[email Protected] html]# httpd-thttpd: could not reliablydetermine the server ' s& nbsp; Fully qualified domain name, using 172.16.33.1 forservernamesyntax ok
(3) Create the/etc/httpd/users directory and provide the user's account file in the directory
[[email protected] html]# mkdir/etc/httpd/users[[email protected] html]# cd/etc/ Httpd/users[[email protected] users] #htpasswd -c -m /etc/httpd/users/.htpasswd tomnew password:re-type new password:adding password for usertom[[email Protected] users] #htpasswd -m /etc/httpd/users/.htpasswdjerrynew password:re-type new password:Adding password for userjerry[[email protected] users]# Cat/etc/httpd/users/.htpasswdtom: $apr 1$snf79tur$lx7b.y8s9bbrtzh8cpbaz1jerry: $apr 1$sxqjzsiw$ fa0wxyi2dfdcdiko.0yct1 (4) Restart the service and test it in the browser [[ Email protected] employee]# httpd-thttpd: could not reliablydetermine the server ' S&NBSP;FULLY&NBSP;QUALIFIED&NBsp;domain name, using 172.16.33.1 forservernamesyntax ok[[email protected] Employee] #service &NBSP;HTTPD&NBSP;RELOADRELOADING&NBSP;HTTPD:
at this point in the browser, enter: http://192.168.1.11/employee/ , enter Tom ,Jerry and corresponding password, multiple input observation results; found only Tom. ,Jerry users are required to enter the correct password in order to successfully access!
2. Group-based authentication
Create the group file and add it in the configuration file.
[[email protected] employee]# vim /etc/httpd/conf/httpd.conf .....] Modify it to the following ... <directory "/data/web/html/employee" > "....." options none allowoverride none authtype basic authname "it is only foremployee!!" AuthUserFile /etc/httpd/users/.htpasswd AuthUserFile /etc/httpd/users/.htgroup require group mc</directory>...............................[[email protected] employee]# vim/etc/httpd/users/.htgroup .... Add the following content ................... -- mc: tom jerry[[email protected] employee] #httpd -thttpd: Could Not&nbsP;reliablydetermine the server ' s fully qualified domain name, using 172.16.33.1 forservernamesyntax ok[[email protected] employee] #service httpd RELOADRELOADING&NBSP;HTTPD:
the configuration based on group authentication is complete, and the following access tests are performed in the browser !!!!
Configure HTTPD server with user access control function based on Basic authentication mechanism