Using Kerberos Authentication
You can restrict a web page so that only authorized users are allowed access. This service is available on the Vox Alumni Network (VAN) server. Restriction is accomplished by creating an .htaccess file in the directory that holds the restricted files. When a user attempts to access one of these restricted files, the KClient dialog box will pop up and the user will need to type in their name-directory name and password. This is the same name and password you use to access your BlitzMail account.
Usage

SidecarAllowRealm [realm]
    Any user who is in the realm is allowed access. The VAN realm is DARTMOUTH.ORG.

SidecarAllowUser [user@realm]
    Allows a user to access the page. The user must be in the realm specified. The name is looked up in the appropriate name directory, either the DND (Dartmouth Name Directory), the AND (Alumni Name Directory), or the Dartmouth Hitchcock Name Directory, to ensure usage of the canonical user name. Names entered must be unique, or the name directory lookup will fail and the user will not be allowed access.

SidecarLogfile [full path to logfile]
    Specifies where DND lookup information is to be logged. No file-specific information is logged, just how many times the DND was accessed per lookup. Useful only for performance testing.
Examples of .htaccess files
Example 1
If you have a web page that you only want users in the VAN to look at, put an .htaccess file in the directory with the web page that says:

    SidecarAllowRealm dartmouth.org

If someone from outside of the dartmouth.org realm tries to access any pages in the .htaccess directory, they will be denied access. Only those people with entries in the Alumni Name Directory will be allowed access.
Example 2
Assume you have created an .htaccess file in the /classes/75/addresses/ subdirectory on the Alumni web server. The /classes/75/addresses/ subdirectory also contains the HTML files passwords.html and logins.html.

    SidecarAllowUser Nelson.Armstrong.71@dartmouth.org
    SidecarAllowUser hoyle@dartmouth.edu
    SidecarAllowUser smith@hitchcock.org

Theoretically, the above .htaccess file will allow the user Nelson Armstrong at Dartmouth College Alumni, someone named 'hoyle' at Dartmouth College, and someone named 'smith' who works for Dartmouth Hitchcock to access any web page in the /classes/75/addresses/ subdirectory where the .htaccess resides. Let's go through this .htaccess file line by line.
- If Nelson Armstrong tries to access either the passwords.html page or the logins.html page in the /classes/75/addresses/ subdirectory, he will be asked for his AND name and password. Assuming he types them into the KClient dialog box successfully, he will be authenticated and allowed to access the requested page.
- For now, the .htaccess file will allow the user "hoyle" in the realm "Dartmouth.edu" to access the /classes/75/addresses/ web pages, since only one name "hoyle" exists in the DND. But if the college adds another individual with the name 'hoyle', or if someone adds the name 'hoyle' as a nickname, this will not work correctly. You should always specify the whole name (firstname.middlename.lastname@realm) for use with SidecarAllowUser in an .htaccess file.
- If a user named "smith" tries to log in from Dartmouth Hitchcock, he will be denied access to the /classes/75/addresses/ pages, since the name "smith" does not have exactly one match in the Dartmouth Hitchcock name directory. This failed attempt to access the /classes/75/addresses/ pages will be logged to the specified error file.
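The following is an added illustration, not part of this page or of the Sidecar module: a small Python model of the rules described above, with a linter that flags SidecarAllowUser entries that are not fully qualified. The name directories are constructed stand-ins (entry counts per name), and the directive names are taken from the Usage section.

```python
import re

# Constructed stand-ins for the AND, DND and Hitchcock name directories,
# keyed by realm, mapping a lower-cased name to its number of entries. Not real data.
DIRECTORIES = {
    "dartmouth.org": {"nelson.armstrong.71": 1},
    "dartmouth.edu": {"hoyle": 1},
    "hitchcock.org": {"smith": 2},   # two people named smith: the lookup is ambiguous
}
DIRECTIVE_RE = re.compile(r"^\s*(SidecarAllowRealm|SidecarAllowUser|SidecarLogfile)\s+(\S+)\s*$")

def parse_htaccess(text):
    """Return ([(directive, argument)], [problems]); unrecognised lines are reported."""
    rules, problems = [], []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        m = DIRECTIVE_RE.match(line)
        if m:
            rules.append((m.group(1), m.group(2)))
        else:
            problems.append(f"line {lineno}: unrecognised directive: {line.strip()}")
    return rules, problems

def lint_allow_user(arg):
    """Return a warning for a SidecarAllowUser entry that is not fully qualified, else None."""
    if "@" not in arg:
        return "missing @realm"
    local = arg.split("@", 1)[0]
    if "." not in local:   # a bare short name may stop being unique in the directory
        return "not fully qualified (use firstname.middlename.lastname@realm)"
    return None

def directory_matches(local, realm, directories=DIRECTORIES):
    """How many directory entries a name resolves to in a realm (case-insensitive)."""
    return directories.get(realm.lower(), {}).get(local.lower(), 0)

def is_allowed(user, realm, rules, directories=DIRECTORIES):
    """Realm-wide allow, or an allow-user entry that resolves to exactly one directory entry."""
    for directive, arg in rules:
        if directive == "SidecarAllowRealm" and arg.lower() == realm.lower():
            return True
        if directive == "SidecarAllowUser" and "@" in arg:
            local, arg_realm = arg.split("@", 1)
            if (local.lower(), arg_realm.lower()) == (user.lower(), realm.lower()):
                return directory_matches(local, realm, directories) == 1
    return False
```

Running the three-line .htaccess from Example 2 through this model reproduces the walkthrough: Nelson Armstrong and hoyle are allowed, smith is denied because the constructed directory holds two matches, and the linter flags the two short names.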