Re: Restricting access

[Mark Montague <markmont@xxxxxxxxx>]

On Mon, 23 Feb 2004 memo@xxxxxxxxxxxx wrote:

> Is there a way to restrict access to our cosign server to certain 
> groups
> within UM?  We want to distribute the School of Information's 
> configuration
> of Mulberry via our Cosign enabled web server but we don't want our 
> alumni
> to be able get the software since they aren't covered under the site
> license.  Is this something Cosign can handle?  If not how can we 
> further
> restrict access beyond Cosign?

Just restrict access as you normally would without cosign.

For example, to have Apache do the authorization for you,
add a directive to the appropriate Directory context in http.conf,
or to the appropriate .htaccess file such as
    require group list-of-people-I-like
The file containing the definition of the group can be
defined by AuthDBGroupFile (if you're using mod_auth_db),
AuthDBMGroupFile (mod_auth_dbm), or AuthGroupFile (mod_auth).

Or you can do authorization under apache using LDAP groups
(mod_ldap) or groups defined in MySQL databases, to name just
a few possibilities.

If you are writing active content (for example, a PHP page),
cosign puts the name of the user into the REMOTE_USER environment
variable.  Your page should use this variable when doing its
authorization checks.

                Mark Montague
                LS&A Information Technology
                markmont@xxxxxxxxx