Basic Authentication

Basic authentication is selected by default and requires users to enter a username and password to access the web server or web site. You must create and store a list of users and groups in an LDAP database, such as the Sun Java System Directory Server, or in a file. You must use either a directory server installed on a different server root than your web server, or a directory server installed on a remote machine.

When users attempt to access a resource that has User-Group authentication in the Administration Server or on your web site, the web browser displays a dialog box asking the user to enter a username and password. The server receives the information either encrypted or unencrypted, depending on whether encryption is turned on for the server.

If you use the Basic Authentication setting without SSL encryption, the username and password are sent as unencrypted text across the network. The network packets could be intercepted, and the username and password could be misused. Basic authentication is most effective when combined with SSL encryption, Host-IP authentication, or both. Use Digest Authentication to avoids this problem.

The following dialog appears when users authenticate their identity:

Figure 9–1 Example of Username and Password Prompt

After you click OK, the following process is followed:

• The Server Administration page, if authenticated to access the Sun Java System Web Administration Server

• The file or directory listing requested, if logging in to a web site

• A message denying access if the username or password are invalid

You can customize the access denied message received by unauthorized users using the Access Denied Response page.