Whos There? User/Group Verification
Finally, you can use the http access.conf file, along with a couple of other files and tools, to configure security for a specific directory or file on a per-user or per-group basis. You'll need to create the .htpasswd file on a per-directory basis and/or a global .htpasswd file. The HTTPD::UserAdmin module is the tool of choice for manipulating passwd/group files. It knows about the various types of user and group databases that the Apache, NCSA, and even CERN servers implement, and provides you with a generic interface that hides the inconsistencies, simplifying the maintenance of the databases.
The user/group databases may take various forms and use different internal formats, depending on your preference and what tools are available on your system. The HTTPD::UserAdmin module allows you to access databases implemented as DBM files or straight text files. It also gives you the capability to talk to an SQL database and to get/put user information to an SQL database. Its companion, HTTPD::Authen, knows about the various formats of the entries in these files, including MD5 (Message Digest), as well as standard (default) DES encryption and, of course, plaintext.
The HTTPD::UserAdmin module provides you with several useful methods after you've created a new HTTPD::UserAdmin object. These include the following:
| add(name,passwd) | Add a new user to the database |
| delete(name) | Delete a user from the database |
| exists(name) | Check if the user exists in the database |
| password(name) | Return the encrypted password for the user |
| list | Return a list of all the usernames in the database |
| update(name,password) | Update the user with a new password |
| group | Create a new GroupAdmin object |
| lock([timeout]) | Create a file lock for the database in anticipation of updating it |
| unlock | Unlock the database |
| db(dbname) | Select a different database |
There are several examples, provided as tests in the t/ directory, that accompany the HTTPD:: module suite. You can adapt these to suit your particular needs. The simplest case might be one in which you wish to add a new user to an existing database. The following simple script lets you do this, first by checking if the specified user already exists in the database. If so, it updates the record with the new password. If not, it creates the new entry for the user.
#!/usr/local/bin/perl
require HTTPD::UserAdmin;
$path = "/usr/local/etc/httpd/conf";
$username = shift || "josie";
$password = "pussycats";
$user = new HTTPD::UserAdmin(DBType => "Text", Path => $path, Server => "apache");
if($user->exists($username)){
print "$username already exists in the database\n";
print "Updating with new password\n";
$user->update($username, $password);
}
else{
print "Adding $username to database\n";
$user->add($username, $password);
if($user->exists($username)){
print "Successful\n";
}
}