[Soks] Multiple authentication systems

Patrick Hahn skorgu at gmail.com
Mon Jan 9 10:47:41 EST 2006


ahh, that goes in start.rb, it replaces the stock servlet.authenticators <<
... line. I have no idea how this will impact multiple wikis, I suspect
you'd need multiple servlet objects as well as multiple wiki objects, or
multiple start.rbs

On 1/8/06, Eric Knapp <eknapp at gmail.com> wrote:
>
> Patrick,
>
> Thanks, I'm getting closer. Next question is where does the code that you
> have quoted, that starts with "servlet.authenticators" go in my wiki? I
> have lots of Soks wikis on my server and I need to do this per wiki, not
> globally. I understand the rest of your post and it is really helpful.
>
> -Eric
>
> On 1/8/06, Patrick Hahn <skorgu at gmail.com> wrote:
>
> > To do the multiple-authentication trick with digest authentication you
> > need to have a setup such as this:
> >
> > servlet.authenticators << [
> >   %r{/(view|rss|print|find|meta|attachment)/.*},
> >   WEBrick::HTTPAuth::DigestAuth.new(
> >     :UserDB => WEBrick::HTTPAuth::Htdigest.new('/path/to/htdigest.read'),
> >     :Realm => "auth") ]
> >
> > servlet.authenticators << [
> >   %r{/(upload|edit|save|dav)/.*},
> >   WEBrick::HTTPAuth::DigestAuth.new(
> >     :UserDB => WEBrick::HTTPAuth::Htdigest.new('/path/to/htdigest.write'),
> >     :Realm => "auth") ]
> >
> >
> > I don't know why it wouldn't work using htpasswd authentication the same
> > way, but I've not done it. Digest is more secure but very old clients won't
> > support it. This isn't important to me but it may be to you.
> >
> > To use htdigest auth, you need an htdigest.write and an htdigest.read as
> > in above.
> >
> > The htdigest.read contains authentication credentials (username, realm
> > [in my example this is "auth"] password) for those who should be able to
> > read the wiki. The htdigest.write contains the same for those who should
> > be able to write. Writers must exist in both files for this to work
> > properly. This makes adding users a bit of a pain:
> >
> > If you have apache 1 or 2 installed someplace or are willing to get it
> > to get at the htdigest tool you can use it with syntax:
> > htdigest [ -c ] passwdfile realm username
> >
> > The -c flag will create the passwdfile if it does not exist. Realm is
> > "auth" in this example and must be identical for read and write. Username is
> > the username. You will have to run this twice for each user, once giving
> > htdigest.read as the passwdfile and once with htdigest.write if the user
> > is to be able to write. If the user is read-only (my two files are identical
> > except for a read-only user called "guest") simply run htdigest once on the
> > .read file.
> > If you don't have the htdigest tool, you can fake it. The htdigest
> > format is simply:
> >
> > username:realm:hash
> >
> > where hash is the md5 sum of the string
> >
> > username:realm:password
> >
> > For a user named "bob" with password "jones110" in realm "auth" you
> > would add "bob:auth:" to whichever htdigest file you're doing now and then
> > generate the digest by
> >
> > md5sum >> htdigest.read [RETURN]
> > bob:auth:jones110[CTRL+D][CTRL+D]
> >
> > and then open the htdigest file up and trim out the newline, and that
> > annoying dash that md5sum insists on outputting so that the line looks like:
> >
> >
> > bob:auth:47d0b1d5ad042ef290e0c19645556cab
> >
> > and then add that line to the .write file if you want bob to be able to
> > write to the wiki.
> >
> > There's probably an easy way to script this either in ruby or bash but
> > I'm too lazy to do it.
> >


--
Patrick Hahn
AHKM Computer and Network Integration
patrick at ahkm.com
+1 (800) 554 9803
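
Added example, not part of the original message and not Soks code: the htdigest-file step from the quoted post, scripted in Ruby so that a writer always ends up in both files and a reader only in the .read file. The function names are assumptions of this example; the file names, the realm "auth" and the user bob come from the post, and the guest password is constructed.

```ruby
require 'digest/md5'
require 'tmpdir'

# One htdigest line: user:realm:MD5("user:realm:password").
# Only those bytes are hashed; a trailing newline would change the digest.
def htdigest_line(user, realm, password)
  if [user, realm].any? { |s| s =~ /[:\r\n]/ }
    raise ArgumentError, 'user and realm must not contain ":" or a newline'
  end
  "#{user}:#{realm}:" + Digest::MD5.hexdigest("#{user}:#{realm}:#{password}")
end

# Insert the entry, replacing any existing line for the same user and realm.
def upsert(path, user, realm, password)
  lines = File.exist?(path) ? File.readlines(path, chomp: true) : []
  lines.reject! { |l| l.start_with?("#{user}:#{realm}:") }
  lines << htdigest_line(user, realm, password)
  tmp = "#{path}.tmp"
  File.open(tmp, 'w', 0o600) { |f| f.puts(lines) } # owner-only credentials file
  File.rename(tmp, path)                           # swap in the finished file
end

# Every user goes in the .read file; writers go in the .write file as well.
def add_user(read_file, write_file, user, realm, password, writer: false)
  upsert(read_file, user, realm, password)
  upsert(write_file, user, realm, password) if writer
end

# Constructed demo in a temporary directory: bob may write, guest is read-only.
def demo
  Dir.mktmpdir do |dir|
    read_file  = File.join(dir, 'htdigest.read')
    write_file = File.join(dir, 'htdigest.write')
    add_user(read_file, write_file, 'bob', 'auth', 'jones110', writer: true)
    add_user(read_file, write_file, 'guest', 'auth', 'constructed-password')
    [File.readlines(read_file, chomp: true), File.readlines(write_file, chomp: true)]
  end
end

if __FILE__ == $PROGRAM_NAME
  read_lines, write_lines = demo
  puts 'htdigest.read:', read_lines, 'htdigest.write:', write_lines
end
```

Running add_user again for an existing user replaces that user's line instead of appending a duplicate, so it also serves as a password change.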