Assignment #4 - Authentication

Web Server Design
Assignment #4: Authentication
Due: 04/14/2010
Old Dominion University
Department of Computer Science
CS 495/595 Spring 2010
Martin Klein <[email protected]>
Grading
• To be done by an automated program that will test most (all?) combinations
– assignment is listed under the day it is to be demoed in class
– each group will give a 3-4 minute status report the week before an assignment is due!
• If you have a question:
– email the class list
– mimic the behavior of a well known Apache server (e.g., www.cs.odu.edu)
Methods to Support
• Same as assignments 1-3
Status Codes to Support
• Same as assignments 1-3, plus:
– 401 Unauthorized
Request Headers
• Same as assignments 1-3, plus
– Authorization
Response Headers
• Same as assignments 1-3, plus:
– WWW-Authenticate
– Authorization-Info
MIME Types, Encodings, etc.
• All of these as per assignments 1-3:
– MIME types
– Encoding types
– Character sets
– Languages
Authentication
• Implement Basic & Digest authentication as per RFC 2617 and Lectures 10 & 11
• I’ll construct cnonces like this:
– md5(timestamp:method:URI:user:passwd)
Specifying Authentication Protection
• In your server configuration file:
– provide a private key (any word or phrase) to use in generating nonce & opaque values
• (yes, this is not the safest way to do this…)
– provide a configurable value for how to protect directories:
• name = “WeMustProtectThisHouse!”
– http://www.youtube.com/watch?v=dnECY26PSHk
• all functions combined in a single file for simplicity (you would normally separate them)
• this file protects the directory it is in, and recursively protects all of its sub-directories
WeMustProtectThisHouse! Format (Basic)
% cat WeMustProtectThisHouse\!
#
# Hashed lines are comments
# order is not important, but here are
# two special lines:
#
authorization-type=Basic
realm="Folks-Stevens Indoor Tennis Center"
# always quote realm since it might have spaces
#
# user format = name:md5(password)
#
mklein:d3b07384d113edec49eaa6238ad5ff00
bda:c157a79031e1c40f85931829bc5fc552
jbollen:66e0459d0abbc8cd8bd9a88cd226a9b2
WeMustProtectThisHouse! Format (Digest)
% cat WeMustProtectThisHouse\!
#
# Hashed lines are comments
# order is not important, but here are
# two special lines:
#
authorization-type=Digest
realm="Colonial Place"
# always quote realm since it might have spaces
#
# user format = name:md5(name:realm:password)
#
mklein:Colonial Place:53bbb5135e0f39c1eb54804a66a95f08
bda:Colonial Place:b8e13248f7bb96682093c850d5c7da46
jbollen:Colonial Place:c5d7f97a6ac34b393ba2d252c7331d5a
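One way a server could read both file formats above and check credentials against them, as an added example that is not part of the course material. The function names are hypothetical, the sample users and password are constructed, and the Digest check assumes qop=auth with the Authorization parameters already parsed into a dict.

```python
import base64, hashlib, hmac

def md5_hex(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()

def parse_protection_file(text):
    """Return (auth_type, realm, {user: stored_hash}) from the file contents."""
    auth_type, realm, users = None, None, {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue                      # blank lines and hashed comments
        if line.startswith("authorization-type="):
            auth_type = line.split("=", 1)[1].strip()
        elif line.startswith("realm="):
            realm = line.split("=", 1)[1].strip().strip('"')
        else:
            # Basic: name:hash. Digest: name:realm:hash. The hash is the last field.
            name, _, rest = line.partition(":")
            users[name] = rest.rpartition(":")[2].lower()
    return auth_type, realm, users

def same(a, b):
    return hmac.compare_digest(a.encode(), b.encode())   # constant-time compare

def check_basic(header_value, users):
    """Authorization: Basic base64(user:password); stored hash is md5(password)."""
    scheme, _, blob = header_value.partition(" ")
    try:
        user, sep, password = base64.b64decode(blob, validate=True).decode().partition(":")
    except ValueError:                    # bad base64 or bad UTF-8
        return False
    stored = users.get(user)
    return scheme.lower() == "basic" and bool(sep and stored) and same(stored, md5_hex(password))

def check_digest(p, method, users):
    """p = parsed Digest parameters with qop=auth; the stored hash is HA1."""
    need = ("username", "uri", "nonce", "nc", "cnonce", "qop", "response")
    ha1 = users.get(p.get("username"))
    if ha1 is None or any(k not in p for k in need):
        return False
    ha2 = md5_hex(f"{method}:{p['uri']}")             # HA2 = md5(method:uri)
    expected = md5_hex(":".join([ha1, p["nonce"], p["nc"], p["cnonce"], p["qop"], ha2]))
    return same(expected, p["response"].lower())

# Constructed sample files and password, not the users or hashes from the slides.
DIGEST_FILE = ('authorization-type=Digest\nrealm="Colonial Place"\n# comment\n'
               "alice:Colonial Place:" + md5_hex("alice:Colonial Place:s3cret") + "\n")
BASIC_FILE = 'authorization-type=Basic\nrealm="Example Realm"\nalice:' + md5_hex("s3cret") + "\n"
```

A full server would also confirm that the nonce and opaque values are ones it issued and that the uri parameter matches the request line before accepting the response.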
Keep in mind:
Status report in 1 week!
START NOW!!!