I’m trying to set up an authorization system using Apache for an internal web site. I’m having a tough time doing it and staying within the constraints that I have. I’m hoping someone here has done this before and can offer me some suggestions or advice.

On our organization’s internal intranet website, we want to block access to some directories based on information stored in a MySQL DB on the server. However, I’d like to avoid requiring the user to enter another password, or the same password, to view the protected content. I’d like to rely on the network authentication system to authenticate the user, and based on this authentication, allow or block the content.

I thought I had a solution in using the USERNAME environment variable from the workstation, in conjunction with a script on the server. However, we discovered that the USERNAME variable was easily changed and that a user could send any USERNAME that they desired to the script.

I think that the perfect solution to this is an authentication or authorization using LDAP. However, for policy reasons in my organization, this can’t be done. Network authentication is done through Novell Netware 5.1 SP8, which I’m told doesn’t include an LDAP server. I haven’t independently verified this. I’m not very knowledgeable about Novell Netware. I thought the Novell eDirectory was essentially an LDAP system, but this may not be available in Netware 5. Can anyone verify this?

Because of other policy constraints, I’m not allowed to set up a replacement for the network authentication system, using LDAP, and pass the results into Netware.

The only option that I think I have is setting up a password system for the intranet, and forcing users to enter a second password, in addition to the network login, to access content in the protected areas.

Can anyone suggest other ways that I may have overlooked? Can you tell me what systems are in use in your organizations to solve similar problems?

Thanks in advance for your suggestions, advice and help.

-Kevin Zembower