Secure Global Desktop Administration Guide > Users and authentication > Enabling web server authentication for the classic webtop

Enabling web server authentication for the classic webtop

To enable web server authentication for the classic webtop:

1. On each array member, configure the web server to protect access to the /opt/tarantella/var/docroot/cgi-bin/secure directory.
2. In Array Manager, click Secure Global Desktop Login, Properties.
3. Check the box next to Use classic web server authentication.
4. Check one or more boxes in User identity mapping.
5. If necessary, change the Tokens are valid for and Web server username attributes.

Notes

• How you protect the /opt/tarantella/var/docroot/cgi-bin/secure directory depends on your web server, see your web server documentation for details. For the Secure Global Desktop Web Server, see the Apache documentation.
• The boxes you select in User identity mapping are the search methods Secure Global Desktop uses to determine a web user's identity and login profile. For details on how the search methods work, see web server authentication.
• If you select more than one search method, the methods are processed in the order they are shown. As web server authentication does not support ambiguous users users will get the webtop of the first match found.
• If you are using the either of the LDAP User identity mapping search methods, you may also want to configure secure connections to the LDAP directory server.
• You shouldn't need to change the value in the Tokens are valid for box. Reducing the token validity period may result in failed logins on slow networks.
• For new installations of Secure Global Desktop, the Web server username is set to the correct username (ttaserv) for use with the Secure Global Desktop Web Server.

Example of how to configure the Secure Global Desktop Web Server

The following is an example of how you might configure the Secure Global Desktop Web Server for web server authentication:

1. Use the /opt/tarantella/webserver/apache/version/bin/htpasswd binary to create a web server password file.
2. Edit the /opt/tarantella/webserver/apache/version/conf/httpd.conf file and insert the following directory directive:

   <Directory /opt/tarantella/var/docroot/cgi-bin/secure>
   AuthUserFile  file-path
   AuthName      auth-domain
   AuthType      Basic
   Require       valid-user
   </Directory>

   where file-path is the full path to the web server password file
   
   and auth-domain is the name of authorization realm that appears in the web browser's authentication dialog.
3. Restart the Secure Global Desktop Web Server (using tarantella webserver restart ) for the configuration changes to take effect.

Notes

• Alternatively, you could protect /opt/tarantella/var/docroot/cgi-bin/secure by using an .htaccess file. If you do this, you must also set the AllowOverride in order for the directives to be applied. To apply the Auth directives, you must also include AuthConfig (or All) in your AllowOverride directive.

Copyright © 1997-2005 Sun Microsystems, Inc. All rights reserved.