iTP Secure WebServer System Administrators Guide (Version 7.5+)
SI_RequireSI department-id group-list
The SI_RequireSI command protects a region; requests for resources within the region are only
granted to users with a valid ticket.
The ticket's message authentication code (MAC) must be encoded with the proper secret, indicated
by the department ID (department-id).
The group ID specified in the ticket must match one of the groups listed in group-list. If the
group-list includes more than one group ID, list the broadest group first and the most specific
last.
This command has no defaults.
To use SI_RequireSI command in a Region directive, enter the following:
RequireSI 1 10 20
This example makes the region accessible only to users who are members of groups 10 or 20, in
department 1.
UserDir [-symlink-disable] [-symlink-owner] user-dir
The UserDir command sets the name of theuser directory (user-dir) that is to be accessed
whenever a URL begins with a tilde (~). Any URL beginning with a tilde (~) is mapped to the
specified directory within the indicated local user's home directory.
The options include:
-symlink-disable
This option disables symbolic links to files in the specified directory. As a result, the
iTP Secure WebServer returns a "not found" message in response to any attempt
to access a path that contains a symbolic link.
-symlink-owner
This option is similar in function to the -symlink-disable option; it disables symbolic
links, but only if these symbolic links are owned by someone other than the owner
of the files to which the symbolic links point.
The UserDir command overrides for specified regions the global specifications set for the same
items by the UserDir directive. For further information about using the UserDir directive, see
“UserDir” (page 258).
Anonymous Ticket Attributes
-AnonymousTicketExpiration time-in-seconds
The AnonymousTicketExpiration attribute specifies the lifespan of Session Identifiers generated
by the iTP Secure WebServer. When this period expires, the Session Identifier is no longer valid.
If access is attempted using an expired Session Identifier, the iTP Secure WebServer issues a new
ticket.
This attribute is effective only for anonymous ticketing (See “Anonymous Ticketing” (page 170))
The Session Identifier Specification 1.0 allocates 16 bits for the expiration field. To provide a useful
set of values within these 16 bits, the content server sets expiration times in increments of 8.5
minutes so that any expiration value between 0 and 511 results in an expiration time at the next
8.5-minute boundary. Likewise, any value between 512 and 1023 results in an expiration time of
approximately 17 minutes in the future.
The range of expiration times is approximately 8.5 minutes to 1 year.
The following default applies:
-AnonymousTicketExpiration 21600
where 21600 seconds equals 6 hours.
To use -AnonymousTicketExpiration in an SI_DefaultRegion command:
SI_Default -AnonymousTicketExpiration 1800
-CookiePersistence time-in-seconds
242 Configuration Directives