Source: www.itcase.com 1. Preface Now Many websites have strict restrictions on users' access rights, users need to give "User Name / Password" to confirm their identity when accessing certain resources. At present, the most identity authentication method is to store the username, password in a database. When the user wants to access some restrictions, enter the username and password in a page, the program enters the username and Compare the "User Name / Password" of the data inventory, if the input is correct, the resources are used normally, otherwise, resource access is rejected. However, this identity authentication method has two big problems. On the one hand, as long as the user has a successful authentication, you can record the link address of the resource, and simply enter the address when the next access is entered without the need to pass the identity. The authentication process can access resource; on the other hand, the user can right-click on the hyperlink point of the restricted resource. You can check the link address of the restricted resource, directly access the address, make the identity authentication It cannot achieve the expected results. Apache can solve the above problems well. Apache is software that establishes WWW websites and can run under Linux, UNIX, and Windows operating systems. Let's take Linux as an example to describe how apache completed user authentication. Second, the basic principle Apache's basic principle is that when the system administrator launches the identity authentication function, you can add a default name ".htaccess" file in the directory to be restricted. When the user accesses resources under the path, the system will pop up a dialog box requesting the user to enter "User Name / Password". That is, its identity authentication function is not human being controlled by the program, but is directly controlled by the system. This avoids the hyperlink of the user records that require authentication, and will not be directly accessed next time. There are a variety of identity authentication, including the precompiled mod-auth module and Apache brought but not compiled by Apache, such as mod-auth-db modules, mod-auth-db modules, mod- Auth-msql module. There are also some third-party modules, such as: MOD-Auth-MySQL modules used in the MySQL database, which can limit a group of users or a user. Third, the specific implementation will mainly introduce the use of the Mod-Auth module and the mod-auth-mysql module. But no matter what kind of authentication, you must do some settings for Apache: In the configuration file access.conf as follows: AccessFileName. HTACCESS Alloerride All (1) MOD-AUTH module completes the identity authentication function, it mainly Allows the group name, user name, and user password to access the resource, and the specific method is: 1. Edit the group file used by the certification: Mainly used to store the group name that can be accessed resource, and the users. Use the VI editing group file. Htgroup is stored as followsi: LKCH stores under the /ssud/local/apache/secrets/.htgroup path, where ptisi is a group name, LKCH is the username in the group. 2. Create user files: Mainly used to store usernames and password htpasswd -c /usr/local/apache/secrets/.htpasswd LKCH Note: htpasswd is Apache to provide programs for implementing authentication functions, -c Generate a new.htpasswd file, if there is an old file with the same name, overwrite the old file. The program will ask the password to type "Hello" and then re-confirm the password.
