[med-svn] r2525 - trunk/packages/agdbnet/trunk/debian

tille at alioth.debian.org tille at alioth.debian.org
Wed Sep 24 07:37:38 UTC 2008


Author: tille
Date: 2008-09-24 07:37:37 +0000 (Wed, 24 Sep 2008)
New Revision: 2525

Modified:
   trunk/packages/agdbnet/trunk/debian/apache.conf
Log:
Use authn_anon for apache as something which works somehow, but warn about the security risk.  Some DebConf stuff has to be added to configure the user database appropriately and to warn about an insecure system if no reconfiguration is done.


Modified: trunk/packages/agdbnet/trunk/debian/apache.conf
===================================================================
--- trunk/packages/agdbnet/trunk/debian/apache.conf	2008-09-23 14:26:39 UTC (rev 2524)
+++ trunk/packages/agdbnet/trunk/debian/apache.conf	2008-09-24 07:37:37 UTC (rev 2525)
@@ -4,12 +4,41 @@
 <Directory "/usr/share/agdbnet/cgi-bin">
     AllowOverride None
     Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
-    Order allow,deny
+
+    AuthName "Authentication for agcurator"
+    AuthType Basic
+    
+    # This is a very simple Authentication method which in principle enables
+    # ANYBODY to authenticate successfully.  This definitely should be changed
+    # to get a secure system.
+    AuthBasicProvider anon
+    # A detailed description of Apache authentication mechanisms is given at
+    #   http://httpd.apache.org/docs/2.2/howto/auth.html
+    # We recommend at least file authentication which is described here
+    #   http://httpd.apache.org/docs/2.2/mod/mod_authn_file.html
+    # and could be configured like this:
+    #   AuthBasicProvider file
+    #   AuthUserFile /etc/agdbnet/htpasswd
+    # Alternatively you might have an LDAP directory for your local users
+    # which can be used with Apache LDAP athentication which is described here
+    #   http://httpd.apache.org/docs/2.2/mod/mod_authnz_ldap.html
+    # Setting up this is quite comfortable for your users because they do
+    # not need to remember just another password for agcurator but can use
+    # the same as for local network authentication
+    #
+    # I repeat: CHANGE THE AUTHENTICATION METHOD TO SOMETHING MORE SECURE
+    # BECAUSE EVERYBODY WHO KNOWS YOUR NAME AND E_MAIL ADDRESS MIGHT CURATE
+    # YOUR AGDBNET DATABASE OTHERWISE.
+
+    Anonymous_NoUserID off
+    Anonymous_MustGiveEmail on
+    Anonymous_VerifyEmail on
+    Anonymous_LogEmail on
+    # Accepts any user name and valid e-mail address combination
+    Anonymous "*"
+
+    Order Deny,Allow
     Allow from all
 
-    # Authorize for setup
-    <Files agcurate.pl>
-        AuthType Basic
-        # Require valid-user
-    </Files>
+    Require valid-user
 </Directory>
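Review bot: The default shipped here fails open. With `AuthBasicProvider anon` and `Anonymous "*"`, the closing `Require valid-user` is satisfied by any user name and any password string, so the CGI directory is effectively unauthenticated until an admin edits the file. The comment `# Accepts any user name and valid e-mail address combination` and the capitalised warning overstate the barrier: as far as the mod_authn_anon documentation describes it, `Anonymous_VerifyEmail on` only checks that the password contains an `@` and a `.`, so nobody needs to know a curator's real name or address. A fail-closed default would make `AuthBasicProvider file` and `AuthUserFile /etc/agdbnet/htpasswd` the active lines and leave the anon directives commented out, so access is denied until the planned DebConf step creates a user. If anon stays as the default, reword the comment to `# Accepts any user name with any password containing '@' and '.'; the address is NOT verified`.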



