The fileauth authentication plug-in authenticates users by looking them up in Apache-like password files.
The following outlines the steps required to activate and configure the fileauth authentication provider and to manage users.
To activate the fileauth authentication plug-in, the httpauth and fileauth extension libraries must be loaded via the extension library configuration.
<EXTLIBS>
<LIB>httpauth</LIB>
<LIB>fileauth</LIB>
</EXTLIBS>
The file authentication plug-in is activated by specifying FILE as the provider name within the AUTHENTICATE configuration of the HTTP authentication handler.
The file-specific configuration is introduced by the FILE tag, which must be a child of the AUTHENTICATE tag.
<HANDLER TYPE="AUTH" NAME="HTTPAUTH">
<AUTHENTICATE TYPE="BASIC" REALM="MYREALM" PROVIDER="FILE" >
<APPLYFORMETHOD>POST</APPLYFORMETHOD>
<FILE FILE="/etc/ics/auth1"/>
</AUTHENTICATE>
</HANDLER>
The FILE tag takes a FILE parameter that specifies the file, including its path, that holds the users and corresponding passwords used for the authentication request.
Note: The specified file must be outside of the document tree of the webserver, otherwise clients might be able to download the file!
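A check for the note above, added here as an example and not part of the fileauth documentation or the ics tooling: it resolves the configured password file and the document root to their real paths and reports whether the file lies inside the document tree or is readable by every local account. The function name, the return codes, a Unix-like host and the document root passed as the second argument are assumptions; the page does not state where the document root is configured.

```shell
#!/bin/sh
# Added example (not ics code): audit where a fileauth password file lives.
# Usage:   check_authfile <password-file> <document-root>
# Returns: 0 = ok
#          1 = password file is inside the document tree
#          2 = password file is readable by "other"
#          3 = password file or document root not found
check_authfile() {
    authfile=$1
    docroot=$2
    [ -f "$authfile" ] && [ -d "$docroot" ] || return 3

    # Resolve symlinks and ".." so that a configured path which is really
    # a link into the document tree is still caught.
    real_file=$(readlink -f -- "$authfile") || return 3
    real_root=$(readlink -f -- "$docroot") || return 3

    # Inside the document tree: a client may be able to download the file.
    case "$real_file" in
        "${real_root%/}"/*) return 1 ;;
    esac

    # World-readable bit set: every local account can read the entries.
    if [ -n "$(find "$real_file" -prune -perm -004)" ]; then
        return 2
    fi
    return 0
}

# Example call with the path from the configuration above and a
# hypothetical document root:
#   check_authfile /etc/ics/auth1 /var/www/html; echo "result: $?"
```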
The file specified by the FILE tag is a plain text file that stores the users with their corresponding passwords. The fileauth extension supports the following commands to manage the password files and users:
All commands can be executed via the ics extension exec command. The server instance does not have to be running when a command is executed. However, if the server instance is running, it will recognize from the timestamp of the password file that it needs to reload it.
With the create command, an empty password file can be created.
ics exec ICSSERVICE [-|/]cfg configuration-file [-|/]lib fileauth [-|/]libcmd create [-|/]authfile password-file
If the file already exists, an error message will be displayed.
With the add command, a user can be added to an existing password file.
ics exec ICSSERVICE [-|/]cfg configuration-file [-|/]lib fileauth [-|/]libcmd add [-|/]authfile password-file [-|/]authuser userid [[-|/]authpass password]
Adds the user specified by option authuser to the password file specified by option authfile. The option authpass specifies the password of the user. If the authpass option is not specified, the user will be prompted to input a password.
If the password-file does not exist, an error message will be displayed.
If the user specified by authuser already exists, an error message will be displayed.
Note: Duplicate user ids in the password file will be removed by this command. Thus, if the file was modified manually and a redundant user record was added, it will be deleted.
With the password command, the password of an existing user in a password file can be updated.
ics exec ICSSERVICE [-|/]cfg configuration-file [-|/]lib fileauth [-|/]libcmd password [-|/]authfile password-file [-|/]authuser userid [[-|/]authpass password]
Updates the password of an existing user specified by option authuser in the password file specified by option authfile. The option authpass specifies the password of the user. If the authpass option is not specified, the user will be prompted to input a password.
If the password-file does not exist, an error message will be displayed.
If the user specified by authuser does not exist, an error message will be displayed.
Note: Duplicate user ids in the password file will be removed by this command. Thus, if the file was modified manually and a redundant user record was added, it will be deleted.
With the delete command, an existing user in a password file is deleted.
ics exec ICSSERVICE [-|/]cfg configuration-file [-|/]lib fileauth [-|/]libcmd delete [-|/]authfile password-file [-|/]authuser userid
Deletes an existing user specified by option authuser from the password file specified by option authfile.
If the password-file does not exist, an error message will be displayed.
If the user specified by authuser does not exist, an error message will be displayed.
Note: Duplicate user ids in the password file will be removed by this command. Thus, if the file was modified manually and a redundant user record was added, it will be deleted.