Web Server Design
Assignment #4: Authentication
Old Dominion University, Department of Computer Science
CS 495/595 Spring 2007
Michael L. Nelson <mln@cs.odu.edu>
Grading: To be done by an automated program that will test most (all?) combinations. The assignment is listed under the day it is to be demoed in class. Each group will give a 3-4 minute status report the week before an assignment is due! If you have a question: email the class list, or mimic the behavior of a well-known Apache server (e.g., www.cs.odu.edu).
Methods to Support: Same as assignments 1-3.
Status Codes to Support: Same as assignments 1-3, plus: 401 Unauthorized.
Request Headers: Same as assignments 1-3, plus: Authorization.
Response Headers: Same as assignments 1-3, plus: WWW-Authenticate, Authorization-Info.
MIME Types, Encodings, etc.: All of these as per assignments 1-3: MIME types, encoding types, character sets, languages.
Authentication: Implement Basic & Digest authentication as per RFC 2617 and Lectures 11 & 12. I’ll construct cnonces like this: md5(timestamp:method:URI:user:passwd)
Specifying Authentication Protection: In your server configuration file, provide a private key (any word or phrase) to use in generating nonce & opaque values (yes, this is not the safest way to do this…), and provide a configurable value for the name of the file that protects directories: name = "WeMustProtectThisHouse!" (http://www.youtube.com/watch?v=dnECY26PSHk). All functions are combined in a single file for simplicity (you would normally separate them). This file protects the directory it is in, and recursively protects all of its sub-directories.
WeMustProtectThisHouse! Format (Basic)

    % cat WeMustProtectThisHouse\!
    #
    # Hashed lines are comments
    # order is not important, but here are
    # two special lines:
    authorization-type=Basic
    realm="Lane Stadium"
    # always quote realm since it might have spaces
    # user format = name:md5(password)
    mln:d3b07384d113edec49eaa6238ad5ff00
    bda:c157a79031e1c40f85931829bc5fc552
    jbollen:66e0459d0abbc8cd8bd9a88cd226a9b2
WeMustProtectThisHouse! Format (Digest)

    % cat WeMustProtectThisHouse\!
    #
    # Hashed lines are comments
    # order is not important, but here are
    # two special lines:
    authorization-type=Digest
    realm="Colonial Place"
    # always quote realm since it might have spaces
    # user format = name:realm:md5(name:realm:password)
    bda:Colonial Place:b8e13248f7bb96682093c850d5c7da46
    jbollen:Colonial Place:c5d7f97a6ac34b393ba2d252c7331d5a
    mln:Colonial Place:53bbb5135e0f39c1eb54804a66a95f08
    vaona:Colonial Place:fbcc0f347e4ade65a337a4febc421c81