RHEL 6.3: Implementing Encrypted Access with User-Based Authentication in Apache

Source: Internet
Author: User

I. Business Requirements

Apache must provide encrypted access combined with user identity authentication, to protect specific pages of a site. The implementation is broken down below.

II. Specific steps

1. Create the home directory and web page

    [root@test1 www]# mkdir kernel 1
    [root@test1 www]# ls
    cgi-bin error html icons manual kernel 1
    [root@test1 www]# cd kernel 1
    [root@test1 Success 1]# echo "welcomt to apache website" > index.html
    [root@test1 Success 1]# ls
    index.html
    [root@test1 Success 1]# cat index.html
    welcomt to apache website

2. Use Apache's built-in htpasswd tool to generate the password file that serves as the source for user access authentication

Format: htpasswd options FilePath user

    -c: use this option when creating the file for the first time
    -m: store the password with MD5 encryption
    -D: delete the user from the password file

    [root@test1 conf]# htpasswd -cm .htpasswd aaa
    New password:
    Re-type new password:
    Adding password for user aaa
    [root@test1 conf]# cat .htpasswd
    aaa:$apr1$hhFTA/vU$GwUfNDRNGFGIyHWftqc2M1
    [root@test1 conf]# htpasswd -m .htpasswd bbb
    New password:
    Re-type new password:
    Adding password for user bbb
    [root@test1 conf]# cat .htpasswd
    aaa:$apr1$hhFTA/vU$GwUfNDRNGFGIyHWftqc2M1
    bbb:$apr1$QHr2Dpff$wMtQI74PcBNOMrY0mPgpa0
    [root@test1 conf]#

To delete a user:

    # htpasswd -D .htpasswd aaa

3. Use Basic authentication for the specified web page directory

For example, for access to the test1.demo.com website, configure user-based authentication in the Apache main configuration file, /etc/httpd/conf/httpd.conf:

    NameVirtualHost 192.168.1.123:80
    <VirtualHost 192.168.1.123:80>
        DocumentRoot /var/www/logs 1
        ServerName test1.demo.com
        ErrorLog logs/test1.demo.com-error.log
        <Directory /var/www/Example 1>
            AuthName "realm"
            AuthType basic
            AuthUserFile /etc/httpd/conf/.htpasswd
            Require user aaa bbb
        </Directory>
    </VirtualHost>

    [root@test1 limit 1]# service httpd restart
    Stopping httpd: [OK]
    Starting httpd: [OK]

4. Encrypted configuration

Generate the private key:

    [root@test1 conf]# (umask 077; openssl genrsa -des3 -out server.key)
    Generating RSA private key, 512 bit long modulus
    .... ++ .... +++ ++
    e is 65537 (0x10001)
    Enter pass phrase for server.key:
    Verifying - Enter pass phrase for server.key:

Create the certificate signing request:

    [root@test1 conf]# openssl req -new -key server.key -out server.csr
    Enter pass phrase for server.key:
    You are about to be asked to enter information that will be incorporated
    into your certificate request.
    What you are about to enter is what is called a Distinguished Name or a DN.
    There are quite a few fields but you can leave some blank
    For some fields there will be a default value,
    If you enter '.', the field will be left blank.
    -----
    Country Name (2 letter code) [CN]:CN
    State or Province Name (full name) []:
    Locality Name (eg, city) [Beijing]:Beijing
    Organization Name (eg, company) [Default Company Ltd]:Tianli
    Organizational Unit Name (eg, section) []:
    Common Name (eg, your name or your server's hostname) []:test1.demo.com
    Email Address []:

    Please enter the following 'extra' attributes
    to be sent with your certificate request
    A challenge password []:
    An optional company name []:

Sign the request with the CA:

    [root@test1 conf]# openssl ca -in server.csr -out server.crt
    Using configuration from /etc/pki/tls/openssl.cnf
    Enter pass phrase for /etc/pki/CA/private/my-ca.key:
    Check that the request matches the signature
    Signature ok
    Certificate Details:
        Serial Number: 3 (0x3)
        Validity
            Not Before: Jan 31 05:37:44 2013 GMT
            Not After : Jan 31 05:37:44 2014 GMT
        Subject:
            countryName         = CN
            stateOrProvinceName = Hebei
            organizationName    = Default Company Ltd
            commonName          = rj
        X509v3 extensions:
            X509v3 Basic Constraints:
                CA:FALSE
            Netscape Comment:
                OpenSSL Generated Certificate
            X509v3 Subject Key Identifier:
                CB:3D:6E:BD:48:ED:BD:FE:39:BD:27:C5:B5:57:19:96:79:11:23:14
            X509v3 Authority Key Identifier:
                keyid:4C:45:25:5F:60:7F:F8:6E:6F:B4:53:C4:FB:BD:A3:C6:82:AE:2A:62

    Certificate is to be certified until Jan 31 05:37:44 2014 GMT (365 days)
    Sign the certificate? [y/n]:y

    1 out of 1 certificate requests certified, commit? [y/n]y
    Write out database with 1 new entries
    Data Base Updated

Configure httpd: copy this section from httpd.conf to ssl.conf, then modify it and add the SSL statements:

    NameVirtualHost 192.168.1.123:443
    <VirtualHost 192.168.1.123:443>
        DocumentRoot /var/www/others 1
        SSLEngine on
        SSLCertificateFile /etc/httpd/conf/server.crt
        SSLCertificateKeyFile /etc/httpd/conf/server.key
        ServerName test1.demo.com
        ErrorLog logs/test1.demo.com-error.log
        <Directory /var/www/login 1>
            AuthName "realm"
            AuthType basic
            AuthUserFile /etc/httpd/conf/.htpasswd
            Require user aaa bbb
        </Directory>
    </VirtualHost>

Note: the original httpd is required. in the conf file.

    [root@test1 conf]# service httpd restart
    Stopping httpd: [OK]
    Starting httpd: [Thu Jan 31 01:29:41 2013] [warn] NameVirtualHost 192.168.1.123:80 has no VirtualHosts
    Apache/2.2.15 mod_ssl/2.2.15 (Pass Phrase Dialog)
    Some of your private key files are encrypted for security reasons.
    In order to read them you have to provide the pass phrases.

    Server test1.demo.com:443 (RSA)
    Enter pass phrase:

    OK: Pass Phrase Dialog successful.
    [OK]
    [root@test1 conf]#

III. Test

In Firefox, browse to https://test1.demo.com

Click I Understand the Risks

Click Add Exception.

Click Confirm Security Exception

Enter the user name and password

Finally, the protected page content is displayed.
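
Step 4 matters because Basic authentication sends the user name and password merely base64-encoded, so a directory protected this way is only safe inside a virtual host with SSLEngine on. The following audit is an added example, not part of the original article: it flags virtual hosts that use Basic authentication without TLS or that keep the password file under the DocumentRoot. The function names and the /var/www/site1 paths are constructed placeholders.

```python
import re

# Constructed sample modelled on the article's two virtual hosts.
# /var/www/site1 is a placeholder path, not a value from the article.
SAMPLE_CONF = """
<VirtualHost 192.168.1.123:80>
    DocumentRoot /var/www/site1
    <Directory /var/www/site1>
        AuthType basic
        AuthUserFile /var/www/site1/.htpasswd
        Require user aaa bbb
    </Directory>
</VirtualHost>
<VirtualHost 192.168.1.123:443>
    DocumentRoot /var/www/site1
    SSLEngine on
    <Directory /var/www/site1>
        AuthType basic
        AuthUserFile /etc/httpd/conf/.htpasswd
        Require user aaa bbb
    </Directory>
</VirtualHost>
"""

VHOST_RE = re.compile(r"<VirtualHost\s+([^>]+)>(.*?)</VirtualHost>", re.S | re.I)

def directive(body, name):
    """Return the last value of a directive inside a block, or None."""
    vals = re.findall(rf"^\s*{name}\s+(.+?)\s*$", body, re.M | re.I)
    return vals[-1].strip('"') if vals else None

def audit(conf):
    """Return sorted (vhost_address, issue) pairs for Basic-auth vhosts."""
    findings = []
    for addr, body in VHOST_RE.findall(conf):
        body = re.sub(r"^\s*#.*$", "", body, flags=re.M)  # drop comment lines
        if (directive(body, "AuthType") or "").lower() != "basic":
            continue
        if (directive(body, "SSLEngine") or "off").lower() != "on":
            findings.append((addr.strip(), "basic-auth-without-tls"))
        root = (directive(body, "DocumentRoot") or "").rstrip("/")
        pwfile = directive(body, "AuthUserFile") or ""
        if root and pwfile.startswith(root + "/"):
            findings.append((addr.strip(), "password-file-under-docroot"))
    return sorted(findings)

if __name__ == "__main__":
    for addr, issue in audit(SAMPLE_CONF):
        print(f"{addr}: {issue}")
```

The check is per virtual host and does not follow Include files or .htaccess overrides, so run it against the fully assembled configuration.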



Source: http://xjsunjie.blog.51cto.com/999372/1130838
