Realms

In Sun WebServer 1.0, the realm directive had little significance other than as an identifier for the browser (printed in the authentication dialog box). In Sun WebServer 2.1, the realm specifies a pre-existing set of users and groups used for authenticating access to a URL. Realm information is stored in the realms.conf file. HTPASSWD realms have a directory associated with them as well (defined in realm.conf) which contains the "users" and "groups" files to be used in the authentication. The password_file and group_file directives in Sun WebServer 1.0 ACLs are therefore obsolete. All 1.0 realms will be HTPASSWD realms in 2.1 since these user-created databases were the only source available in 1.0.

Migrating to Sun WebServer 2.1 realms

1. Given the following Sun WebServer 1.0 access control in /etc/http/access.acl for host widgets:

   url /reports { realm Managers authentication_type basic password_file /usr/auth/Managers/Maners_users group_file /usr/auth/Managers/Managers_groups + group report_managers - user Joe }

2. Create a realm to hold the password and group file. This can be done as follows:

   # htrealm add -i server1 -h widgets -r Managers -s HTPASSWD

   This command will add the following entry to the realms.conf for the site widgets:

   realm Managers { realm_source HTPASSWD }

   It also creates the following directory at the site widgets:

   /var/http/server1/websites/widgets/conf/realms/Managers/

3. Copy the users and groups file into the Managers directory:

   # cp /usr/auth/Managers/Managers_users \ /var/http/server1/websites/widgets/conf/realms/Managers/users # cp /usr/auth/Managers/Managers_groups \ /var/http/server1/websites/widgets/conf/realms/Managers/groups

4. Remove the file directives from the Sun WebServer 1.0 ACL and place the new ACL in the Sun WebServer 2.1 ACL file: /var/http/server1/websites/widgets/conf/access.conf:

   url /reports { realm Managers authentication_type basic + group report_managers - user Joe }