
CERN Password Protection
Instructions
To protect a file or directory, you must:
- Create a password and group file.
  The format of these files is described below.
- Install the password and group files.
  - Upload your "password.txt" and "group.txt" to your "control" directory.
  - Log into the Web Account Administration area, choose "HoloWWW Management", then "Configure Access Passwords", and use the "Install Files" button to install the password and group files.
  HoloWWW will then create a "protect" directory in your "http" directory.
  Use the "Install Files" button to update HoloWWW whenever you alter the password or group files.
- Set up Access Control List (ACL) files for each directory you wish to protect.
  Only files and directories under the "http/protect" directory can be protected.
  A directory is not protected unless it contains an ACL file detailing which files to protect and who to allow access. Changes to ACL files take effect immediately. There is no need to use the "Install Files" button.
- Upload the files you wish to protect.
The Password File
The password file should be named "password.txt". The password
file assigns login names and passwords for access control.
Password File Format
- Lines that begin with # are ignored (comments).
- Blank lines are allowed.
- Each line of the password file is structured as follows:
user:password:comment
| user | The user's login name. |
| password | The password (8 characters or less). |
| comment | Usually the user's real name. |
The second colon and comments can be omitted.
Leading and trailing spaces around the user, password, and comment
fields are ignored.
Password File Example
# This is an example password file
john:gobble:John Doe
mary:SamplePassword:Mary Doe
alice:today:Alice Crabapple
barney:rubble:Barney Rubble
Explanation:
- The first line begins with # so it is ignored.
- The last four lines create four accounts.
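A pre-upload check for "password.txt", written against the format rules above. This is an added example, not HoloWWW or CERN code; the function name `lint_password_file` and the name-in-password heuristic are assumptions of the example, and the sample input is the example file from this page.

```python
MAX_PASSWORD_LEN = 8  # limit stated in the format table above

def lint_password_file(text):
    """Return (accounts, warnings) for the text of a password.txt file.

    accounts maps login -> comment; warnings is a list of (line_no, message).
    """
    accounts, warnings = {}, []
    for n, raw in enumerate(text.splitlines(), 1):
        if not raw.strip() or raw.startswith("#"):
            continue  # blank lines and comment lines are allowed
        # user:password:comment, where the second colon and comment are optional
        fields = [f.strip() for f in raw.split(":", 2)]
        if len(fields) < 2 or not fields[0] or not fields[1]:
            warnings.append((n, "expected user:password[:comment]"))
            continue
        user, password = fields[0], fields[1]
        comment = fields[2] if len(fields) == 3 else ""
        if user in accounts:
            warnings.append((n, f"duplicate login {user!r}"))
        if len(password) > MAX_PASSWORD_LEN:
            warnings.append((n, f"password for {user!r} is longer than 8 characters"))
        # Added heuristic (not a rule from the page): password taken from the
        # login name or the comment field, which usually holds the real name.
        if password.lower() in f"{user} {comment}".lower():
            warnings.append((n, f"password for {user!r} appears in login or comment"))
        accounts[user] = comment
    return accounts, warnings

# The example password file from this page.
SAMPLE = """\
# This is an example password file
john:gobble:John Doe
mary:SamplePassword:Mary Doe
alice:today:Alice Crabapple
barney:rubble:Barney Rubble
"""

if __name__ == "__main__":
    for line_no, message in lint_password_file(SAMPLE)[1]:
        print(f"password.txt:{line_no}: {message}")
```

Run against the example file, it reports line 3 (longer than the stated limit) and line 5 (the password is the surname in the comment field).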
The Group File
The group file should be named "group.txt". The group file
groups multiple logins together to allow easy access control.
Group File Format
- Lines that begin with # are ignored (comments).
- Blank lines are allowed.
- Lines are structured as follows:
group_name: members-list
group_name:
- The groups all and users match any user listed in the master password file.
- The groups anybody, anyone, and anonymous match any user, and allow anyone to access the document.
members-list:
- Members can be of the format: user, user@(address-list), or @(address-list).
- The members list can be continued on the next line after any comma.
- Do not use a group name in a group before it has been defined.
- Address-list format:
  - A list of addresses is formatted: (address,address)
  - Address lists can be a single address or a list of addresses.
  - A single address can be a domain name or an IP address.
  - An asterisk can be used to specify a wildcard in domain names and IP addresses.
Group File Example
admins: mary, john
betty: mary, alice
staff: @custom.com
sales: @*.sales.custom.com
inside: @157.151.*.*, alice@other.com
admin-work: (mary, john)@198.207.169.*
NOTE: These entries MUST NOT end with a comma (",").
Explanation:
- admins: Puts the accounts "mary" and "john" in the "admins" group.
- betty: Puts the accounts "mary" and "alice" in the "betty" group.
- staff: Puts anyone from "custom.com" in the "staff" group.
- inside: Puts anyone from 157.151.*.* (where * = "anything") and "alice" from "other.com" in the "inside" group.
- admin-work: Puts "mary" and "john" from any host on the 198.207.169 network in the "admin-work" group.
The www_acl File
In each directory you wish to protect, you must place an Access Control List
(ACL) file. Named "www_acl", this ACL file is used to control which logins
and groups are required to access each file.
www_acl File Format
- Blank lines are not allowed.
- There is no mechanism for comments.
- Files not listed are not accessible to anyone.
- The "www_acl" files are immediately active and do not need to be installed.
file : GET : access-list
| file | The file to be made available. An asterisk can be used to specify a wildcard in file names. |
| access-list | The access list is a comma separated list of users and groups. Group syntax can be used in place of pre-defined groups. |
For additional information on how to set up this file, see the
W3C CERN Password Documentation page.
www_acl File Example
Welcome.html : GET : anyone
register.html : GET : anyone
member.*.html : GET : users
baldwin.html : GET : admins
barney.html : GET : barney
cosmetics.html : GET : betty
Explanation:
- Welcome.html: Allows anyone access to the Welcome.html file.
- register.html: Allows anyone access to the register.html file.
- member.*.html: Allows any registered user to access files matching member.*.html.
- baldwin.html: Allows admins to access baldwin.html.
- barney.html: Allows only barney to access barney.html.
- cosmetics.html: Allows anyone in the group betty to access cosmetics.html.
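An audit of a "www_acl" file against the files in its directory, following the format rules above: it flags blank or malformed lines, names in an access list that are not defined anywhere, and classifies each file as open to everyone, restricted, or unlisted. This is an added example, not HoloWWW or CERN code; the function names, the `known_names` parameter (logins from "password.txt" plus groups from "group.txt") and the file names are assumptions of the example.

```python
import re

OPEN_GROUPS = {"anybody", "anyone", "anonymous"}  # match any visitor
LOGIN_GROUPS = {"all", "users"}                   # match any user in password.txt

def parse_www_acl(text):
    """Return (entries, problems); entries are (pattern, [names])."""
    entries, problems = [], []
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            problems.append((n, "blank line is not allowed"))
            continue
        parts = [p.strip() for p in line.split(":", 2)]
        if len(parts) != 3 or not all(parts) or parts[1] != "GET":
            problems.append((n, "expected 'file : GET : access-list'"))
            continue
        # Split on commas, but not inside an inline (a, b)@host group.
        names = [m.strip() for m in re.split(r",(?![^()]*\))", parts[2])]
        entries.append((parts[0], names))
    return entries, problems

def matches(pattern, filename):
    # Only '*' is a wildcard; every other character is literal.
    regex = ".*".join(re.escape(p) for p in pattern.split("*"))
    return re.fullmatch(regex, filename) is not None

def audit(entries, filenames, known_names):
    """Return ({filename: status}, unknown_names) for the parsed entries."""
    defined = set(known_names) | OPEN_GROUPS | LOGIN_GROUPS
    unknown = {n for _, names in entries for n in names
               if "@" not in n and "(" not in n and n not in defined}
    status = {}
    for filename in filenames:
        allowed = {n for pat, names in entries if matches(pat, filename) for n in names}
        if not allowed:
            status[filename] = "unlisted"    # not accessible to anyone
        elif allowed & OPEN_GROUPS:
            status[filename] = "open"        # no login required
        else:
            status[filename] = "restricted"
    return status, unknown

if __name__ == "__main__":
    # Constructed input: three ACL lines, one with a misspelled group name.
    acl = "Welcome.html : GET : anyone\nmember.*.html : GET : users\nbaldwin.html : GET : admns"
    entries, problems = parse_www_acl(acl)
    print(problems, audit(entries, ["Welcome.html", "member.1.html", "notes.txt"], {"admins"}))
```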