iTP Secure WebServer System Administrator's Guide (iTPWebSvr 6.0+)

Configuration Directives
iTP Secure WebServer System Administrator’s Guide 523346-002
Region Commands
For example, the command in the following directive requires a user name and
password for access to the /private/ directory on the server:
Region /private/* {
    RequirePassword "Access username" -userfile /server/passwords
}
The user-name/password database is stored in a simple ASCII file. Lines
beginning with the pound sign (#) are comments and are ignored.
User-name/password entries consist of two components, the user name and the
password, separated by a colon. Each entry is confined to a single line. The
password is stored in encrypted form. For example:
#
#WebServer user database file
#
fred:bDzuF2kRWwkw2
brian:KFPjGuWCnLxBY
Use the useradm utility to create user-name/password databases, and to add or
delete entries. For details about using the useradm utility, see Administering
Passwords on page 7-31. For information specific to using Region directives, refer
to Controlling Access to the Server on page 7-27.
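The following is an added example, not part of the original guide or of the product: a Python check that audits a user database file in the format described above before it is put in place. The function name audit_userfile and the extra sample lines are constructed for illustration, and the script assumes that blank lines are skipped and that the first colon separates the two fields.

```python
# Added example: audit a user-name/password file in the format described above.
# Assumptions (not from the guide): blank lines are skipped, the first colon is
# the separator, and a repeated user name is reported rather than resolved.

def audit_userfile(lines):
    """Return (users, findings): users maps name -> line number of its entry."""
    users, findings = {}, []
    for lineno, raw in enumerate(lines, start=1):
        line = raw.rstrip("\r\n")
        if line.startswith("#") or not line.strip():
            continue  # '#' lines are comments; blank lines are assumed harmless
        name, sep, stored = line.partition(":")
        if not sep:
            findings.append((lineno, "missing ':' separator"))
        elif not name:
            findings.append((lineno, "empty user name"))
        elif name != name.strip() or stored != stored.strip():
            findings.append((lineno, f"stray whitespace in entry for {name.strip()!r}"))
        elif not stored:
            findings.append((lineno, f"empty password field for {name!r}"))
        elif name in users:
            findings.append((lineno, f"duplicate user {name!r} (first on line {users[name]})"))
        else:
            users[name] = lineno
    return users, findings

# Constructed sample: the guide's two entries plus four deliberately bad lines.
SAMPLE = """\
#
#WebServer user database file
#
fred:bDzuF2kRWwkw2
brian:KFPjGuWCnLxBY
alice:
fred:AAAAAAAAAAAAA
nocolonhere
:orphanhash
"""

if __name__ == "__main__":
    users, findings = audit_userfile(SAMPLE.splitlines())
    print("valid entries:", sorted(users))
    for lineno, problem in findings:
        print(f"line {lineno}: {problem}")
```

An entry with an empty password field or a duplicated user name is worth resolving with useradm before the file is referenced from a Region directive.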
RequireSecureTransport [-nossl -nopct -auth [user-list]]
The RequireSecureTransport command requires that the SSL and/or PCT
secure transport protocol be used for connections. This command supersedes the
RequireSSL command available in earlier versions of the iTP Secure WebServer.
The RequireSecureTransport command takes the following options:
-nossl
Forbids the use of SSL for connections.
-nopct
Forbids the use of PCT for connections.
-auth [user-list]
Requires client authentication. The optional list of users (user-list) can be a
Tcl list of acceptable client DNs. If no list is present, any authentication can be
used. The web client’s certificate must be validated by the iTP Secure
WebServer. (To allow access when the iTP Secure WebServer cannot validate
the certificate, use the CGI variables either inside a region or in a CGI
program.)
An error occurs if you use RequireSecureTransport -auth when
authentication was not requested or required by an AcceptSecureTransport
directive.