ELOG

Demo Discussion

Forum Config Examples Contributions Vulnerabilities

Discussion forum about ELOG

Not logged in

Back | Find | Login | Help

Documentation of the webserver authentication, posted by Christof Hanke on Wed May 6 12:31:04 2015

Re: Documentation of the webserver authentication, posted by Stefan Ritt on Tue Jun 9 16:57:06 2015

Message ID: 67883 Entry time: Wed May 6 12:31:04 2015 Reply to this: 67981

Icon:

Author:

Christof Hanke

Author Email:

hanke@rzg.mpg.de

Category:

Comment

OS:

All

ELOG Version:

3.1.0

Subject:

Documentation of the webserver authentication

Hi Stefan,

here is a draft of how you could describe the webserver authentication in your docs.

T/Christof

Attachment 1:

webserver_auth_doc.patch 2 kB | Hide | Hide all

diff --git a/doc/adminguide.html b/doc/adminguide.html
index da25388..0568ae3 100755
--- a/doc/adminguide.html
+++ b/doc/adminguide.html
@@ -243,6 +243,37 @@ URL = http://your.proxy.host/subdir/
 
 into elogd.cfg.<p>
 
+<h3><hr><i>Using apache authentication:</i></h3>
+It is also possible to login via an apache-auth module.

+In elogd.cfg you should use the keyword "Webserver" for Authentication:
+  
+<ul><pre>
+Authentication = Webserver
+</pre></ul>
+This triggers elogd to use the environment variable "X-Forwarded-User" as the logged in user.

+A simple example of a apache configuration (including the proxy) is :
+<ul><pre>
+# this required to pass on the generated env-variable X-Forwarded-User to the proxy 
+ProxyPassInterpolateEnv On
+
+ProxyPass /elog/ http://your.host.domain:8080/
+
+&lt;Location  "/elog"&gt;
+        Order allow,deny
+        Allow from all     
+        AuthType Basic
+        AuthName "elog-server"
+        AuthUserFile "/opt/elog/htpasswd"
+        require valid-user
+        RequestHeader unset  Authorization
+        RequestHeader add X-Forwarded-User %{REMOTE_USER}s
+        # elog doesn't like the '@', so we need to cut it
+        RequestHeader edit X-Forwarded-User "@(.*)$" ""
+&lt;/Location&gt;
+</pre></ul>
+
+
+
 <hr><a name="imagemagick"> <div class=section>&nbsp; Installing ImageMagick &nbsp;</div> <p> 
 When images are attached to ELOG entries, thumbnails can be created for quick preview.
 This works also for PDF and PostScript files. ELOG forwards any image operation
diff --git a/doc/config.html b/doc/config.html
index 9848f58..9e98855 100755
--- a/doc/config.html
+++ b/doc/config.html
@@ -2207,6 +2207,22 @@ Options Location = Main Building{a}, New Building{b}, Old Building{c}
     you have to change your password by other means (such as via the Windows
     login if you use a Windows Domain).
     </p>
+    <p>
+    Beside the Kerberos authentication, elogd version 3.0 and higher can be configured to accept a authentication done
+    by the webserver. 
+    <ul>
+      <li>
+        <b><code>Authentication = Webserver</code></b>
+      </li>
+    </ul>
+    </p>
+    <p>
+    You can also combine it with other authentication methods as shown for Kerberos.
+    </p>
+    <p>
+    Elogd is then accepting the username set in the Request-Header "X-Forwarded-User" as already logged in.<br/>
+    To make this work, you need to configure the webserver correctly, as describe in the adminguide.
+    </p>
     
     <p>
       <a name="email" id="email"></a>

ELOG V3.1.5-fe60aaf