Applying authentication when accessing the web console

You can improve security by enabling authentication to the web console.

About this task

When you use the following procedure to restrict access to the Web Console, you must use the file name index.php when you access the web console's default page. For example, after you apply the following steps, the following URL is not displayed as the default web console page for the DNCA 1.2.3.4.

http://1.2.3.4:8080/

You must specify the index.php page as follows.

http://1.2.3.4:8080/index.php

This restriction also applies to following HTTPS access:

https://1.2.3.4:8443/index.php

To require username/password when you access the web console:

Create the Web Server user database file by using the following commands:

Procedure

  1. Edit the file /usr/local/dncauser/etc/runtime.conf.
  2. Search the file for: 
    httpd_userauth_
  3. If the string is not present, add the following parameters to the end of the file. If these entries exist, edit them to the following values:
    1. For Basic Authentication: 
      
httpd_userauth_enable="YES"
httpd_userauth_realm="DNCAv2"
httpd_userauth_require="valid-user"
httpd_userauth_type="Basic"
      Note: Values for httpd_userauth_enable must be in all capital letters, as in the previous example (YES).
    2. For Digest Authentication: 
      
httpd_userauth_enable='YES'
httpd_userauth_realm="DNCAv2"
httpd_userauth_require="valid-user"
httpd_userauth_type="Digest"
      To generate password: 
      /usr/local/dncauser/bin/htdigest 
/usr/local/dncauser/etc/Discover-web.usersdigest "realm" "UserName"
      In the case where you are upgrading:
      1. Compare 
        /usr/local/dncauser/httpd.conf.default
        with 
        /usr/local/dncauser/httpd.conf
      2. copy LoadModule auth_digest_module libexec/mod_auth_digest.so to /usr/local/dncauser/httpd.conf.
      3. Restart DNCA.
  4. To add a user or change their password, use one of the following commands, replacing johndoe with the name of the new or existing user:

    With the following command, you are prompted to enter the new password when the command is run:

    Note: Discover recommends using this method for creating passwords. If this method is not used, passwords cannot be longer than 8 characters.
    For Basic Authority:
    /usr/local/dncauser/bin/htpasswd -m \
/usr/local/dncauser/etc/Discover-web.users johndoe
    When the -b option is added, the password (mypassword) can be specified as part of the command:
    /usr/local/dncauser/bin/htpasswd -mb \
/usr/local/dncauser/etc/Discover-web.users johndoe mypassword
    For Digest Authority:
    
/usr/local/dncauser/bin/htdigest \
/usr/local/dncauser/etc/Discover-web.usersdigest "realm" "UserName"
  5. The changes mentioned in the previous command do not affect PortalStatus's use of the web server to retrieve status information.
  6. The updated configuration file takes effect the next time the Web Server starts.