Web Server Design Assignment #4: Authentication Due: 04/14/2010 Old Dominion University Department of Computer Science CS 495/595 Spring 2010 Martin Klein

Grading To be done by an automated program that will test most (all?) combinations –assignment is listed under the day it is to be demoed in class –each group will give a 3-4 minute status report the week before an assignment is due! If you have a question: – the class list –mimic the behavior of a well known Apache server (e.g.,

Methods to Support Same as assignments 1-3

Status Codes to Support Same as assignments 1-3, plus: –401 Unauthorized

Request Headers Same as assignments 1-3, plus –Authorization

Response Headers Same as assignments 1 -3, plus: –WWW-Authenticate –Authorization-Info

MIME Types, Encodings, etc. All of these as per assignments 1-3: –MIME types –Encoding types –Character sets –Languages

Authentication Implement Basic & Digest authentication as per RFC 2617 and Lectures 10 & 11 I’ll construct cnonces like this: –md5(timestamp:method:URI:user:passwd)

Specifying Authentication Protection In your server configuration file: –provide private key (any word or phrase) to use in generate nonce & opaque values (yes, this is not the safest way to do this…) –provide a configurable value for how to protect directories: name = “WeMustProtectThisHouse!” – all functions combined in a single file for simplicity (you would normally separate them) this file protects the directory it is in, and recursively protects all of its sub-directories

WeMustProtectThisHouse! Format (Basic) % cat WeMustProtectThisHouse\! # # Hashed lines are comments # order is not important, but here are # two special lines: # authorization-type=Basic realm=“Folks-Stevens Indoor Tennis Center” # always quote realm since it might have spaces # # user format = name:md5(password) # mklein:d3b07384d113edec49eaa6238ad5ff00 bda:c157a79031e1c40f bc5fc552 jbollen:66e0459d0abbc8cd8bd9a88cd226a9b2

WeMustProtectThisHouse! Format (Digest) % cat WeMustProtectThisHouse\! # # Hashed lines are comments # order is not important, but here are # two special lines: # authorization-type=Digest realm=“Colonial Place” # always quote realm since it might have spaces # # user format = name:md5(name:realm:password) # mklein:Colonial Place:53bbb5135e0f39c1eb54804a66a95f08 bda:Colonial Place:b8e13248f7bb c850d5c7da46 jbollen:Colonial Place:c5d7f97a6ac34b393ba2d252c7331d5a

Keep in mind: Status report in 1 week!

START NOW!!!