site_path/conf/realms.conf
A realm defines a protection space, a domain of users and groups and their permissions. Sun WebServer access control configuration permits realms that are configured in realms.conf with the ACLs.
Realm files may be created by htrealm(1m) or by the Sun WebServer Administration Console.
A realm definition consists of the following:
Realm identifier
Source of user information: HTPASSWD, ISP, ISPADMIN, or UNIXSYS
ISP or ISPADMIN realms are only valid if you are running Sun WebServer in an environment where directory service for Solaris™ for ISPs™ has been installed.
List of realm members with permission to modify the realm itself
Directory location of user information for HTPASSWD realms.
The following syntax rules apply to the realms.conf file:
The pound sign (#) is a comment character. All characters from a # to the end of a line are ignored.
White space is ignored in directive definitions.
Some directives accept a list of values. Separate multiple values by white space. If more than one line is required to list all values, escape all but the last newline with a backslash (\) at the end of the line.
All directives are grouped in blocks surrounded by curly braces ({ and }). Any amount of white space, newlines, or directive definitions may appear between an opening curly brace and its matching close, including directive blocks which also use matched curly braces to contain a definition.
Each realm definition is in the following form:
realm <identifier> {
    realm_source UNIXSYS | ISP | ISPADMIN | HTPASSWD
    [ realm_dir <data_directory> ]
    administrator {
        user <realm_user_name>[ <realm_user_name>...]
        [ group <realm_group_name>[ <realm_group_name>...] ]
    }
}
The syntax and definition of each directive are explained in the following Directives section.
The following keyword directives are valid in the realms.conf file:
administrator
Defines the realm users and groups that have permission to modify realm data. The admins directive may have a user directive or optionally have a group directive.
group
Names groups of users that have permission to modify realm data. The group_name directive is an optional directive valid in the administrator block. Separate multiple group names with white space.
Defines the component identification, version of Solaris for ISPs, and the Administrator realm (ISPADMIN). The default value is "SUNWhttp_2.0".
realm
Defines a realm. There may be multiple realm definitions in the realms.conf file, as long as each has a unique identifier. The identifier directive can be any arbitrary string of alphanumeric data (no special characters). White space is allowed when enclosed in double quotes.
The definition consists of realm directives, and must include at least a realm_source.
realm_dir
Defines a directory relative to the site path where the users and groups files for an HTPASSWD realm are stored. realm_dir is required and valid only if realm_source is HTPASSWD. It can be either an absolute path or a path relative to realms.conf, or it can be left unspecified. The default value is realms/realmname/.
realm_source
Defines the source of user and group information for the realm. This directive is required in every realm definition. realm_source may be one of the following:
HTPASSWD
Indicates that the user or group information is retrieved using the Sun WebServer users/group file format, and that user and group information will be maintained in the data directory named by realm_dir. The htrealm(1m) utility is used to create users and modify passwords.
ISP
Indicates that the user or group is stored in the Solaris for ISPs shared directory service. Changes to user and group information cannot be made through Sun WebServer.
ISPADMIN
Indicates that the principals are Administrators in the Solaris for ISPs Management Console. The -d flag takes the ISP-component ID and version (for example, "SUNWfinger-1.0").
UNIXSYS
Indicates that the operating system user and group definitions will be used to authenticate users in the realm. Changes to user and group information cannot be made through Sun WebServer.
user
Names realm users that have permission to modify realm data. The user_name is a required directive valid in the administrator block. Separate multiple user names with white space.
httpd      auth sufficient /usr/lib/security/pam_unix.so.1
httpd-isp  auth sufficient /usr/lib/security/pam_ldap.so.1 autohost
This configures Sun WebServer httpd to use the UNIX PAM library under the httpd service name, and the LDAP PAM library under the httpd-isp service name for authenticating Solaris for ISPs subscribers stored in the LDAP-based directory. This does not use stacking, but uses different service names (httpd, httpd-isp).
Sample realms.conf file:
realm siteAdmin {
    realm_source HTPASSWD
    administrator {
        user user1
    }
}

realm SystemUsers {
    realm_source UNIXSYS
}
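The following checker is an added example, not part of Sun WebServer or the original page. It parses realms.conf using the syntax rules above (# comments, backslash continuation, quoted identifiers, nested braces) and reports realms that break the stated constraints. The function names and the sample input are assumptions made for illustration.

```python
import re

SOURCES = {"HTPASSWD", "ISP", "ISPADMIN", "UNIXSYS"}
STOP = {"realm_source", "realm_dir", "administrator", "user", "group", "{", "}"}

def tokenize(text):
    # Drop '#' comments, then join backslash-continued lines.
    text = re.sub(r"#[^\n]*", "", text).replace("\\\n", " ")
    return re.findall(r'"[^"]*"|[{}]|[^\s{}"]+', text)

def parse_block(toks, i):
    """Parse directives up to the matching '}'; return (dict, index after it)."""
    block = {}
    while i < len(toks) and toks[i] != "}":
        key, i = toks[i], i + 1
        if toks[i:i + 1] == ["{"]:        # nested block, e.g. administrator { ... }
            block[key], i = parse_block(toks, i + 1)
            continue
        start = i
        while i < len(toks) and toks[i] not in STOP:
            i += 1
        block[key] = [t.strip('"') for t in toks[start:i]]
    if i >= len(toks):
        raise ValueError("unbalanced braces")
    return block, i + 1

def lint(text):
    """Return findings for rules the man page states; an empty list means clean."""
    toks, i, findings, seen = tokenize(text), 0, [], set()
    while i < len(toks):
        if toks[i] != "realm" or toks[i + 2:i + 3] != ["{"]:
            raise ValueError("expected: realm <identifier> {")
        ident = toks[i + 1].strip('"')
        body, i = parse_block(toks, i + 3)
        if ident in seen:
            findings.append(f"{ident}: duplicate realm identifier")
        seen.add(ident)
        src = body.get("realm_source")
        if not (isinstance(src, list) and len(src) == 1 and src[0] in SOURCES):
            findings.append(f"{ident}: realm_source missing or invalid")
        if "realm_dir" in body and src != ["HTPASSWD"]:
            findings.append(f"{ident}: realm_dir is only valid for HTPASSWD realms")
        admin = body.get("administrator")
        if admin is not None and not (isinstance(admin, dict) and admin.get("user")):
            findings.append(f"{ident}: administrator block has no user")
    return findings

SAMPLE = '''# constructed sample input, not from the original page
realm siteAdmin { realm_source HTPASSWD administrator { user user1 \\
    user2 } }
realm "System Users" { realm_source UNIXSYS realm_dir realms/sys }
realm siteAdmin { realm_source LDAP administrator { group ops } }'''
```

Calling lint(SAMPLE) returns one finding for the second realm and three for the third; the first realm is clean because realm_dir may be left to its default.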
See attributes(5) for descriptions of the following attributes:
ATTRIBUTE TYPE | ATTRIBUTE VALUE |
Availability | SUNWhttpc |
Interface Stability | Evolving |
Sun WebServer on Solaris 2.6 and greater uses a pluggable authentication module (PAM) for authenticating principals in UNIXSYS and ISP realms using /usr/lib/security/pam_unix.so, and /usr/lib/security/pam_ldap.so respectively. Refer to pam.conf(4) for details on how to set up PAM.