Kenji Arisawa
E-mail: arisawa@aichi-u.ac.jp
Aichi University
Kurozasa 370, Miyoshi-cho
Aichi, Japan

2002/04/05
Powered by Pegasus

Password file

NAME
    passwd

LOCATION
    /etc/passwd    # in service space

DESCRIPTION
    Passwd controls access to httpd documents by password. The file must
    be located at /etc/passwd in service space: the directory etc under
    the web root that is assigned to a user or to a virtual host is /etc
    in service space.

    The following is an example of a password file:

        # a sample password file
        'aladdin''s lamp'  54ef36ec71201fdf9d1423fd26f97f6b  /photo/private
        poe                *                                 /documents/secret   # server authentication

    In the password file `#' starts a comment and empty lines are
    ignored. After the comment is removed, a line contains three fields.

    The first field is the name of a realm. 'aladdin''s lamp' in this
    example means "aladdin's lamp": if the name contains spaces and/or
    quotation marks, rc string rules apply (the name is wrapped in single
    quotes and a literal single quote is written twice).

    The second field is the MD5 of the password, as a hexadecimal string.
    The output of the following command is the value:

        echo -n 'open sesame' | md5sum

    If the second field is `*', authentication is delegated to the
    authentication server.

    The third field is the path to a file or to a directory. A password
    is requested when that file, or any file under that directory, is
    accessed.

    Clients are prompted for a user name and a password when they access
    the realm. Pegasus admits a client to the realm only if the user name
    is the same as the realm name and the password is the password of
    that realm. The user name and password are requested only once per
    realm: the server sends the message "Keep Out (XX realm)" to the
    client, the client presents the password for that realm to be let in,
    and the client then keeps the password in memory and sends it
    automatically on every later request to the realm.

    The password may be stolen if the network is snooped while it is sent
    to the server. It is only encoded in base64, which is trivially
    decoded back to the raw password. The server administrator also
    learns the raw password when the authentication server is used. The
    file passwd is located on the CPU server, so it may be readable by
    other users; a good password is therefore required in the MD5 case,
    because an exposed unsalted hash can be attacked offline by guessing.

    This authentication is the "basic authentication" defined in
    HTTP/1.0. The scheme is widely used because of its simplicity but it
    is weak against network snooping. Therefore do not use it for
    documents that must be kept secure.

NOTE
    See path matching for details on how the requested path is judged to
    match the third field. The judgment is made after all URI
    transformations, that is, the requested path has already been
    transformed into the path of a file.
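The following is an added example, written for this page and not part of Pegasus, showing the file format and the check described above in working code: it parses a passwd file with rc-style quoting of the realm name, matches a transformed request path against the third field, and verifies an HTTP Basic Authorization header against the realm name and the MD5 field. It also decodes a captured header, which is all a snooper on the network has to do. The sample passwd text is constructed here (the hash is computed in the example rather than copied), and the details of component-boundary path matching, first-matching-line-wins, and the order of the `*' delegation check are assumptions, not Pegasus behaviour.

```python
# Added example (not Pegasus source): parse a Pegasus-style /etc/passwd and
# check HTTP Basic credentials against it as the text describes.
# Assumed: three whitespace-separated fields, rc-style single quoting of
# the realm name, `#' starts a comment, the path field is matched on whole
# path components, and the first matching line wins.
import base64
import hashlib
import hmac


def rc_split(line):
    """Split one passwd line into fields using rc string rules: a field may
    be wrapped in single quotes, a literal quote inside is written as '',
    and an unquoted `#' starts a comment that runs to end of line."""
    fields, cur, in_quote, have, i = [], [], False, False, 0
    while i < len(line):
        c = line[i]
        if in_quote:
            if c == "'" and i + 1 < len(line) and line[i + 1] == "'":
                cur.append("'")            # '' inside quotes is one quote
                i += 1
            elif c == "'":
                in_quote = False           # closing quote
            else:
                cur.append(c)
        elif c == "'":
            in_quote, have = True, True    # opening quote
        elif c == "#":
            break                          # comment: ignore the rest
        elif c in " \t":
            if have:
                fields.append("".join(cur))
                cur, have = [], False
        else:
            cur.append(c)
            have = True
        i += 1
    if in_quote:
        raise ValueError("unterminated quote: %r" % line)
    if have:
        fields.append("".join(cur))
    return fields


def parse_passwd(text):
    """Return (realm, md5_or_star, path) tuples; blank and comment lines are skipped."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = rc_split(raw)
        if not fields:
            continue
        if len(fields) != 3:
            raise ValueError("line %d: expected 3 fields, got %d" % (lineno, len(fields)))
        entries.append(tuple(fields))
    return entries


def realm_for(entries, req_path):
    """First entry whose path is req_path itself or a directory above it.
    req_path is the file path after URI transformation (see NOTE above);
    /photo/private must not protect /photo/privateer."""
    for entry in entries:
        path = entry[2].rstrip("/")
        if req_path == path or req_path.startswith(path + "/"):
            return entry
    return None


def decode_basic(authorization):
    """Recover (user, password) from 'Authorization: Basic ...'.
    This is everything a network snooper needs to do."""
    scheme, _, b64 = authorization.strip().partition(" ")
    if scheme.lower() != "basic":
        raise ValueError("not Basic authentication")
    raw = base64.b64decode(b64.strip(), validate=True).decode("utf-8")
    user, _, password = raw.partition(":")
    return user, password


def basic_header(user, password):
    """What the client sends after the Keep Out challenge for a realm."""
    return "Basic " + base64.b64encode(("%s:%s" % (user, password)).encode("utf-8")).decode("ascii")


def authorize(entries, req_path, authorization):
    """'open' (no realm), 'deny', 'ok', or 'delegate' (second field is '*')."""
    entry = realm_for(entries, req_path)
    if entry is None:
        return "open"
    realm, digest, _ = entry
    if authorization is None:
        return "deny"                      # server replies with its Keep Out message
    try:
        user, password = decode_basic(authorization)
    except ValueError:
        return "deny"
    if digest == "*":
        return "delegate"                  # hand user/password to the auth server
    if user != realm:
        return "deny"                      # user name must equal the realm name
    got = hashlib.md5(password.encode("utf-8")).hexdigest().encode("ascii")
    return "ok" if hmac.compare_digest(got, digest.lower().encode("utf-8")) else "deny"


# Constructed sample in the shape of the one in the text; the hash is the
# value of: echo -n 'open sesame' | md5sum
SAMPLE_PASSWD = """# a sample password file
'aladdin''s lamp' %s /photo/private
poe * /documents/secret    # server authentication
""" % hashlib.md5(b"open sesame").hexdigest()

if __name__ == "__main__":
    entries = parse_passwd(SAMPLE_PASSWD)
    hdr = basic_header("aladdin's lamp", "open sesame")
    print(authorize(entries, "/photo/private/1.jpg", hdr))
    print(decode_basic(hdr))               # the raw credentials, as a snooper sees them
```

The constant-time comparison and the component-boundary matching are the two places a naive implementation usually goes wrong; neither changes the fact that the raw password crosses the wire in base64 on every request once the client has entered the realm.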