|
:I have an OpenVMS customer who would like to provide secure access to webpages
:based on OpenVMS User Authentication and ACL's. Has this been done before, can
:this be done, if so, how?
ACLs are a host-local construct, and -- without having some sort of
external authentication of the user, information that could be translated
into OpenVMS attributes `visible' to the ACL processing -- is not directly
applicable to webservers.
The ACL would differentiate by the username of the webserver, or the
webserver would need to impersonate the target user (or add on the
necessary identifiers), or the CGI would need to impersonate the
target user (or add on the necessary identifiers).
External authentication is the interesting part of all this...
You could quite conceivably have webservers running under different
usernames, etc.
|
| The Purveyor webserver for OpenVMS allows for a user-supplied
authentication DLL which will replace the normal basic authentication
mechanism. Included with the Purveyor distribution is a sample
authentication DLL that validates users using the SYSUAF. This would
allow you to restrict access to web pages based on the VMS username.
Determining what pages a given user has access to still has to be done
using the Purveyor's access controls, however, so there is no way to
restrict access to pages based on OpenVMS ACLs. The user account uder which
the Purveyor worker processes run must have access to all of the pages it serves
out.
Hans.
|