Access control and the CERN httpd

heaney@gatwick.sgp.slb.com
Wed, 23 Mar 1994 16:23:30 --100


A problem I have run into that some kind soul may be able to help me with:-

The CERN http (2.16) supports access control configurable by domain and/or
user name and password. If a domain mask is specified then there is no
prompt for a passord - if a list of users is specified then a user name and
password are required. Taking an example from the CERN doc:

authors: john, james
cern_people: @128.141.*.*

the first line is user based access, the second domain mask based.

I would like to run CGI script which must for various reasons be run setuid -
hence requiring the browser to provide an username and password. However,
the list of users that are to be permitted to use the script is vast. To
maintain a list of all of the valid users in the .group file is impractical.
Much simpler would be in some way to specify all users from a particular domain.

_However_, there does not seem to be a valid way of doing this. Neither
(*)@134.32.*.* or *@124.32.*.* seems to be valid group declaration.

So, the basic question is, (using the CERN httpd), how do you get the browser
to supply a username and password without supplying a group definition which
specifies user names?

Any suggestions? With thanks,

Steve Heaney

Schlumberger Geco-Prakla
heaney@gatwick.sgp.slb.com