iTP Secure WebServer System Administrator's Guide (Version 7.0)
Configuration Directives
iTP Secure WebServer System Administrator’s Guide—523346-012
A-60
Region Commands
The following command requires that any URL referring to a Guardian file whose
name ends in “atp” must have the extension .atp. If the URL in the request has
some other extension, the server returns an “access denied” error to the browser.
Region /G/*atp {
RequiredFileExtension atp
}
RequirePassword realm {-userfile userfile | -safeguard}
The RequirePassword command limits access to clients that provide a valid user
name and password (HTTP basic authentication). realm is a text string presented
when the user’s Web client prompts for a user name and password; userfile is
the name of the server file containing the user-name/password database.
The -safeguard argument allows you to use the Safeguard user ID database
for authentication.
If the Web client does not supply a valid user name and password, no additional
commands in the directive are evaluated.
For example, the command in the following directive requires a user name and
password for access to the /private/directory on the server:
Region /private/* {
RequirePassword "Access username" -userfile
/server/passwords
}
The user-name/password database is stored in a simple ASCII file. Lines
beginning with the pound sign (#) are comments and are ignored.
User-name/password entries consist of two components, the user name and the
password, separated by a colon. Each entry is confined to a single line. The
password is stored in encrypted form. For example:
#
#WebServer user database file
#
fred:bDzuF2kRWwkw2
brian:KFPjGuWCnLxBY
Use the useradm utility to create user-name/password databases, and to add or
delete entries. For details about using the useradm utility, see Administering
Passwords on page 7-32. For information specific to using Region directives, see
Controlling Access to the Server on page 7-28.
Note. This usage is recommended for use with RequireSecureTransport since it is used
with the non-secure basic authentication scheme that sends the user name and password
as radix64 encoded strings.