authorization with tamino and apache

has anyone successfully established tamino-authorization with the apache web server?

i established users, groups and acls according to the tamino documentation. However I can’t get access to restricted areas (java: taminoclient.setHTTPuser seems to have no effect). The problem probably lies in the Apache configuration which the tamino doc doesn’t discuss.

does anyone know how to configure apache? access limitation for ordinary directories/locations works fine, it only seems to fail with the Tamino authorization.

[This message was edited by Fabian Lilie on 09 Apr 2001 at 15:50.]

Let me rephrase my problem: only if I
"require valid-user" in the apache tamino-section Tamino actually performs identity-checking. However this blocks all the unidentified “guests” whom I wanted to grant read-only access to my database. Is there a way around?

Thanks!

I believe that indeed, with Apache, it is not possible to require at the same time a valid-user and allow guest access.

I am not such a fan of current Netscape products but in Netscape Enterprise Server you can allow that (i.e. either a non-authentified guest OR a valid user (but no invalid users)).

In production application, I believe Tamino is usually not exposed to end-users. It is served through the application server. And at the level of the application server and its Web interfaces you can have the control on external accesses.

A work-around in your case you would be to setup a ‘pass-through’ servlet for allowing guest access to Tamino. I never tried the official pass-trough servlet provided with Tamino distribution but I guess it should be easy to use it for that purpose.


Software AG Belgium, Professional Services Division

Haven’t tried and don’t have the docs handy, but I remember something like a default group that has the same name as the collection (or database?) it is intended for and that, if present, will be applied to all unnamed users.
Now if you combine that with a second entry in httpd.conf for the same database, with explicit Host and Port entries for both, same database name but different Tamino alias like

<Location /tamino/mydb>
… authentication stuff I don’t remember …
SetHandler ino
Host xyz.abc.de
Port 4711

<Location /opentamino/mydb>
SetHandler ino
Host xyz.abc.de
Port 4711

- this could come close to what you want.
A lot of if’s here, and I really don’t know if it works that way, but it’s a start - maybe someone could comment on this?

Regards,
Johann

If you get passed Apache security, and get a response back from Tamino, that means your acl isn’t configured correctly.
In ino:user, user name has to match exactly. (case sensitive for Apache; Domain/Userid for NT .etc.)
You can’t have an ino:acl entry with “no” access, that will block all access to that particular document.
Define collection name/doctype name in ino:acl
collection name alone doesn’t work (at least for my case).

Hope this help.