CU Home A-Z Index | Help
Columbia University Information Technology
CUIT all of Columbia
Restricting Access (Non-Columbia)

Web Design > Restricting Access (Non-Columbia)

If you need to provide access to your documents for users that do not have any Columbia affiliations and therefore do not have UNI's, you may create and maintain your own list of users and passwords. There are two methods for creating a list of users and their passwords — one for the secure server and one for the regular server. (If you are going to combine your own list of users with those who may log in using their UNI's, then you are required to use the secure server.)

Using the Secure Server

The .htaccess File

If you choose to create a local database of users, their passwords, and groups; then you should put the line:

AuthKrbUserType udb

in the .htaccess file. You will need additionally to add the line:

AuthKrbUserFile full-path-to-mydbfile-webacl.udb

where full-path-to-mydbfile.udb is the full path to the new database of users you have set up.

For an official site, such as a student group or departmental site, the full-path would be

/www/data/cu/yourgroup/yourfile-webacl.udb

For a personal site, on the other hand, you will have to discover the full-path. At the unix command prompt type

echo ~user

and it will return something like the following

/p/rd/user

so the full path name to your file would be

/p/rd/user/yourfile-webacl.udb

Setting Up Your Database of Users

The usernames and passwords in your database should have no connection to UNIs and their passwords. The usernames should start with a string that does not exist in UNIs; for example, 'CU', so that there can be no confusion between these different types of accounts when you restrict access to your data.

  1. Create a new password file containing your username. If your username is CUbob you would type

    $ htpasswd webacl.udb CUbob

  2. Type the password that CUbob will use to log in.
  3. Additional usernames can be added using the htpasswd program

    $ htpasswd webacl.udb CUscott

  4. The htpasswd program will make sure that your password file is not publicly readable.
Your password file should end in webacl.udb. It should be readable by you (the owner) and the group (www). You can check to see that your database file is properly named and that it has the correct permissions by using the command ls -l on the file.

You can put the new database file anywhere you like, although it is probably best to keep it in the same directory as the .htaccess file for ease of administration.

.htaccess Examples

To give users access, we must explicitly state each user.

AuthType Basic
AuthName "test"
AuthKrbUserType udb
AuthKrbUserFile full-path-to-mydbfile-webacl.udb
allow from all
require user CUbob CUkim CUscott CUcheryl

If you need to allow users with Columbia affiliations access to your documents as well as those without, please follow the directions for allowing both types of users. Remember that you must provide your users with a log out.

« Back to Restricting Access


Related Links
Restricting Access (Regular Server)
Restricting Access (Both)
Creating a Logout Page
About Columbia askcuit.columbia.edu