How do I enable web server authentication?

To enable web server authentication and give users access to a Tarantella webtop, you need to:

configure your web server to authenticate Tarantella users; and
enable web server authentication in Array Manager.

Configure your web server

To configure your web server for web authentication:

you must protect the Tarantella/cgi-bin/secure directory so that users requesting a Tarantella URL are prompted to log in.
you must use basic authentication as the authentication method. Digest authentication is not supported.
your web server must set the REMOTE_USER cgi-bin environment variable.

How you do this depends on your web server, see your web server documentation for details.

Note As basic authentication sends the username and password in unencrypted text across the network, we recommend you use a secure (HTTPS) web server.

If the web server is configured correctly, when you access http://server/tarantella/ your browser prompts you for authentication and the web server only allows access for authorized users.

Example of how to configure the Tarantella Web Server

The following is an example of how you might configure the Tarantella Web Server for web server authentication:

Use the install_dir/webserver/apache/1.3.27/bin/htpasswd binary to create a web server password file.
Edit the install_dir/webserver/apache/1.3.27/conf/httpd.conf file and insert the following directory directive:
```
<Directory "install_dir/var/docroot/cgi-bin/secure">
AuthUserFile  file-path
AuthName      auth-domain
AuthType      Basic
Require       valid-user
</Directory>
```
where file-path is the full path to the web server password file
and auth-domain is the authorization realm that appears in the web browser password dialog.
Restart the Tarantella Web Server (using tarantella webserver restart) for the configuration changes to take effect.

Note As an alternatve, you could restrict access to install_dir/var/docroot/cgi-bin/secure by using an .htaccess file. If you do this, you must also set the AllowOverride in order for the directives to be applied. To apply the Auth directives, you must also include AuthConfig (or All) in your AllowOverride directive.

Enable web server authentication in Array Manager

To enable web server authentication in Array Manager:

On your webtop, click Array Manager.
Click Tarantella Login, Properties.
Select one or more of the web authentication search methods.
In the Tokens are valid for box, type the validity period in seconds of the web server authentication token.
In the Web server username box, type the username of the user who owns web server processes. The default is ttaserv.
Changing this setting requires a server restart for all array members.

If more than one web authentication search method is selected, the methods are processed in the order they are shown. The search methods are used to determine the user's login profile. For details on how to use the LDAP directory server search methods to determine the user's login profile, see Defining webtops for LDAP users using login profiles.

As the web authentication trusts the user you enter in the Web server username box, we recommend you restrict access to this user and you restrict the processes that run as this user. It is more secure to have a user that is used to run the web server and nothing else. All web servers used in the array must use the same username.

Related topics
Introducing web server authentication Security considerations of using web server authentication Users experience problems with web server authentication Login authorities Tarantella Login properties (array-wide) Configuring your own web server for use with Tarantella