Install guide
Adding Users to the Apache Password File
A default password file is created during installation with only the install user added.
Adding additional users requires root access for permission to edit the password file
/etc/httpd/conf/.wp.
Updating the password file using ypcat. The format for the password file is identical to
that of a Linux passwd file, except that only the first two fields (user and encrypted
password) are used. Apache uses the same crypt function as Linux, so one method of
adding users is:
prompt> ypcat passwd > /etc/httpd/conf/.wp
If using this method, edit the file and delete users based on criteria such as group
membership etc. It is not considered secure to use the actual /etc/passwd file itself.
It is the site's responsibility to keep the password file up-to-date, e.g. by scheduling a cron
job to refresh it at regular intervals.
For additional security, the password file name and location can be changed, and made
readable by the Apache server user only.
Updating the password file manually. To add new users manually using the htpasswd
facility, e.g. to add user demo, passwd demo:
prompt> /usr/bin/htpasswd –b /etc/httpd/conf/.wp demo demo
Use the additional –c flag when creating a new passwd file, or –help for complete usage.
Integrating with NIS. If a site uses NIS, it is possible to authenticate directly using an
optional Apache module - see Appendix 4
for details.
Changing Security Level between B and C
Two steps are required to switch from B to C security and vice-versa:
1. Modify the .htaccess file: Edit the $OWHOME/WebApps/cgi-bin/.htaccess file.
For level C security, comment the <FilesMatch></FilesMatch> lines. For level B
security, uncomment the <FilesMatch></FilesMatch> lines.
prompt> cd $OWHOME/WebApps/cgi-bin
prompt> vi .htaccess
# For level C security comment <FilesMatch></FilesMatch>
#<FilesMatch “(input|delete)\.cgi$”>
AuthType basic
AuthName "WOW Linux" (a descriptive name for the authorization form)
AuthUserFile "/etc/apache2/.wp"
Require valid-user
#</FilesMatch>
# For level B security uncomment <FilesMatch></FilesMatch>
<FilesMatch “(input|delete)\.cgi$”>
AuthType basic
AuthName "WOW Linux" (a descriptive name for the authorization form)
AuthUserFile "/etc/apache2/.wp"
Require valid-user
WOW 5000.0.1.11 Release Notes Page 24 of 104 March 2014