148 lines
4.4 KiB
HTML
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" lang="fr" xml:lang="fr">
<head>
<meta name="generator" content=
"HTML Tidy for Linux/x86 (vers 7 December 2008), see www.w3.org" />

<title>Lemonldap::NG documentation:
5-Appli-HTTP-Basic-Authentication.html</title>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii" />
<style type="text/css">
/*<![CDATA[*/
body{
  background: #ddd;
  font-family: sans-serif;
  font-size: 11pt;
  padding: 0 50px;
}
div.main-content{
  padding: 10px;
  background: #fff;
  border: 2px #ccc solid;
}
a{
  text-decoration: none;
}
p.footer{
  text-align: center;
  margin: 5px 0 0 0;
}
.heading-1{
  text-align: center;
  color: orange;
  font-variant: small-caps;
  font-size: 20pt;
}
.heading-1-1{
  color: orange;
  font-size: 14pt;
  border-bottom: 2px #ccc solid;
}
pre{
  background: #eee;
  border: 2px #ccc solid;
  padding: 5px;
  border-left: 10px #ccc solid;
}
ul.star li{
  list-style-type: square;
}
/*]]>*/
</style>
</head>

<body>
<div class="main-content">
<h2 class="heading-1"><span id="HHTTPBasicAuthentication">HTTP Basic
Authentication</span></h2>

<p class="paragraph"></p>

<ul>
<li><a href="#HPresentation">Presentation</a></li>

<li><a href="#HConfigurationinLemonLDAP3A3ANG">Configuration in
LemonLDAP::NG</a></li>
</ul>

<h3 class="heading-1-1"><span id="HPresentation">Presentation</span></h3>

<p class="paragraph"></p>Extract from the <span class=
"wikiexternallink"><a href=
"http://en.wikipedia.org/wiki/Basic_access_authentication">Wikipedia
article</a></span>:

<p class="paragraph"></p>In the context of an HTTP transaction, the basic
access authentication is a method designed to allow a web browser, or
other client program, to provide credentials – in the
form of a user name and password – when making a
request.

<p class="paragraph"></p>Before transmission, the username and password
are encoded as a sequence of base-64 characters. For example, the user
name Aladdin and password open sesame would be combined as Aladdin:open
sesame – which is equivalent to
QWxhZGRpbjpvcGVuIHNlc2FtZQ== when encoded in Base64. Little effort is
required to translate the encoded string back into the user name and
password, and many popular security tools will decode the strings "on the
fly".

<h3 class="heading-1-1"><span id=
"HConfigurationinLemonLDAP3A3ANG">Configuration in
LemonLDAP::NG</span></h3><br />
<br />
Basic Authentication relies on a specific HTTP header, as described
above, so you only have to declare this header for the virtual host in
LemonLDAP::NG Manager:<br />
<br />

<div class="code">
<pre>
Authorization => <span class="java-quote">"Basic "</span>.encode_base64(<span class="java-quote">"<i class="italic">login</i>:<i class="italic">password</i>"</span>)
</pre>
</div><br />
<br />
The difficulty is getting the correct values into <i class="italic">login</i> and
<i class="italic">password</i>.<br />
<br />
Suppose, for example, that the login is the attribute "uid" and the
password is the one used to authenticate on the LemonLDAP::NG portal. To
store this password in the session, you first have to modify
/var/lib/lemonldap-ng/portal/index.pl:<br />
<br />

<div class="code">
<pre>
# Remove comment to store password in session (use with caution)
storePassword => 1,
</pre>
</div><br />
<br />
<strong class="strong">Warning</strong>: this stores the password in
cleartext, so an attacker who manages to read the session on the server
can read the password.<br />
<br />
With the storePassword parameter set, the password is available in
LemonLDAP::NG as $_password.<br />
<br />
So, to configure Basic Authentication:<br />
<br />

<div class="code">
<pre>
Authorization => <span class="java-quote">"Basic "</span>.encode_base64(<span class="java-quote">"$uid:$_password"</span>)
</pre>
</div>
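<br />
<br />
Added example, not part of the LemonLDAP::NG documentation or code: a stand-alone Perl script that evaluates the header expression with MIME::Base64 and then decodes it as the protected application would. It assumes the expression's encode_base64 behaves like MIME::Base64's (the page does not say so); basic_header, parse_basic_header and the sample credentials are hypothetical names and constructed values.<br />
<br />

```perl
#!/usr/bin/perl
use strict;
use warnings;
use MIME::Base64 qw(encode_base64 decode_base64);

# Hypothetical helper: same expression as on the page, but with the
# second argument '' so MIME::Base64 adds no line breaks (by default it
# wraps every 76 characters and appends a final "\n").
sub basic_header {
    my ( $uid, $password ) = @_;

    # The receiver splits on the first colon, so a colon is only
    # acceptable in the password, never in the login.
    die "login must not contain ':'\n" if index( $uid, ':' ) >= 0;
    return 'Basic ' . encode_base64( "$uid:$password", '' );
}

# Hypothetical helper: what the protected application does with the
# header. Returns (login, password), or an empty list if malformed.
sub parse_basic_header {
    my ($value) = @_;
    my ($b64) = $value =~ m!\ABasic +([A-Za-z0-9+/]+={0,2})\z!
      or return;
    my ( $uid, $password ) = split /:/, decode_base64($b64), 2;
    return unless defined $password;
    return ( $uid, $password );
}

# Constructed sample values; the password is long enough (over 57
# bytes with the login) to make the default encoder wrap its output.
my $uid      = 'jdoe';
my $password = 'correct:horse battery staple, padded past the 57-byte limit';

my $default_eol = 'Basic ' . encode_base64("$uid:$password");
my $single_line = basic_header( $uid, $password );

printf "default eol: %d line break(s) in the header value\n",
  ( $default_eol =~ tr/\n// );
printf "eol '':      %d line break(s) in the header value\n",
  ( $single_line =~ tr/\n// );

my @bad  = parse_basic_header($default_eol);
my @good = parse_basic_header($single_line);
print 'default eol parses: ', ( @bad ? 'yes' : 'no' ), "\n";
print "eol '' parses:      login=$good[0] password=$good[1]\n";
```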
</div>

<p class="footer"><a href="index.html">Index</a></p>
</body>
</html>