基于basic认证机制配置httpd服务器拥有用户访问控制功能

fdgre

实验须知：
    实验主机：192.168.1.11


1. 配置httpd基于用户的访问控制----basic认证机制

(1)安装httpd程序，并启动服务

1 2 3 4 5

#yum install httpd–y [iyunv@node1 ~]# servicehttpd start Starting httpd:httpd: Could not reliably determine the server's fully qualified domain name,using 172.16.33.1 for ServerName                                                           [  OK  ] [iyunv@node1 ~]# ss –tnl

（2）在配置文件中定义安全域

（a）修改’MainServer’的路径为/data/web/html，并进行访问测试

1 2 3 4 5 6 7 8 9 10 11 12 13 14

#vim/etc/httpd/conf/httpd.conf …………. DocumentRoot "/data/web/html" .…….. # mkdir/data/web/html -pv [iyunv@node1 ~]# cd/data/web/html/ [iyunv@node1 html]#vim index.html 添加：            <h1>new path</h1>          [iyunv@node1 ~]# httpd -t httpd: Could not reliablydetermine the server's fully qualified domain name, using 172.16.33.1 forServerName Syntax OK [iyunv@node1 ~]# servicehttpd reload Reloading httpd:

在浏览器中输入：http://192.168.1.11/，访问测试

(b)在/data/web/html/添加一个目录employee，并封装Directory，实现对此目录认证basic机制的实现，认证用户tom，jerry

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20

# mkdir/data/web/html/employee # cd/data/web/html/employee [iyunv@node1 employee]# vimindex.html          Tom 21          Jerry 90 #vim/etc/httpd/conf/httpd.conf ………添加Directory，对目录的访问控制………… <Directory "/data/web/html/employee">         Options None         AllowOverride None         AuthType basic         AuthName "it is only foremployee!!"         AuthUserFile /etc/httpd/users/.htpasswd         Require user tom jerry </Directory> ……………. [iyunv@node1 html]# httpd-t httpd: Could not reliablydetermine the server's fully qualified domain name, using 172.16.33.1 forServerName Syntax OK

（3）创建/etc/httpd/users目录，并在目录下提供用户的账号文件

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20

[iyunv@node1 html]# mkdir/etc/httpd/users [iyunv@node1 html]# cd/etc/httpd/users [iyunv@node1 users]#htpasswd -c -m /etc/httpd/users/.htpasswd tom New password: Re-type new password: Adding password for usertom [iyunv@node1 users]#htpasswd  -m /etc/httpd/users/.htpasswdjerry New password: Re-type new password: Adding password for userjerry [iyunv@node1 users]# cat/etc/httpd/users/.htpasswd tom:$apr1$snf79TuR$lX7b.Y8S9bbRtZh8cpbaz1 jerry:$apr1$sxqJzSiW$fa0WXYi2dFdCDIkO.0yCt1          (4)重启服务，并在浏览器进行测试                    [iyunv@node1 employee]# httpd-t httpd: Could not reliablydetermine the server's fully qualified domain name, using 172.16.33.1 forServerName Syntax OK [iyunv@node1 employee]#service httpd reload Reloading httpd:

此时在浏览器中输入：http://192.168.1.11/employee/，输入tom、jerry及对应密码，多次输入观察结果；发现只有tom、jerry用户且都要输入正确的密码才能成功访问！


2. 基于组的认证

创建组文件，并在配置文件中添加即可。

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21

[iyunv@node1 employee]# vim /etc/httpd/conf/httpd.conf …………修改为如下内容…………….. <Directory"/data/web/html/employee">         Options None         AllowOverride None         AuthType basic         AuthName "it is only foremployee!!"         AuthUserFile /etc/httpd/users/.htpasswd         AuthUserFile /etc/httpd/users/.htgroup         Require group mc </Directory> …………………………. [iyunv@node1 employee]# vim/etc/httpd/users/.htgroup ………….添加如下内容……………….            mc: tom jerry [iyunv@node1 employee]#httpd -t httpd: Could not reliablydetermine the server's fully qualified domain name, using 172.16.33.1 forServerName Syntax OK [iyunv@node1 employee]#service httpd reload Reloading httpd:

基于组认证的配置就完成了，下面在浏览器中进行访问测试即可!!!!