© 1996-2003 Jan Wolter, Steve Weiss
Prev: Part IV: Installation
Next: Part VI: Cron Configuration
If you are using the --login=form option, then you don't need any authentication services from the http server, and you can skip this step. Proceed to the next step, cron configuration.
Otherwise, if you are the default --login=basic option, then you need to make sure that the http server is configured to handle authentication the way you want it.
Backtalk can be used with any http server, but configuration instructions are given here for Apache only. Sorry, we don't know an awful lot about the others.
(1) Install Needed Modules
If you selected the default --authtype=text option, then this should not be an issue. It is possible to build Apache without mod_auth installed, but would be really unusual.
If you selected --authtype=db or --authtype=dbm then you need to be sure your Apache server has mod_auth_db or mod_auth_dbm (respectively) installed. These are not installed by default in the standard Apache distribution. Redhat 6.1 installs only mod_auth_db.
To check, find your httpd program and run it with an -l option on the command line. This will list the modules linked into it. If the module you need is listed, then you are all set. If not, check if mod_so.c is on the list. If it is, then your Apache server is set up to dynamically load additional modules, and you should check if the module you need is installed as a dynamically loaded module. Dynamically loaded modules are normally found in the `modules' directory under Apache's home directory (possibly `/usr/local/apache/modules' or `/etc/httpd/modules'). Look in this directory to see if the module you need is installed.
If it is not installed, then you'll need to install it. To do this, follow the instructions in the Apache distribution. Note that if you have a server configured for dynamically loaded modules, installing new ones is pretty easy using the `apxs' command. Otherwise, you'll have to recompile Apache with the new module (which is not really all that hard either).
(2) Enable Authentication
The Backtalk installation scripts will have created two subdirectories under your CGI directory, one named `pw' the other named `adm'. Into these directories it has placed some programs that should only be runnable by authenticated users, and it has placed some files named `.htaccess' which configure the authentication for those directories.
As usually distributed, Apache will ignore the `.htaccess' files. To enable them, we need to make a slight change in the configuration.
To do this, locate the `httpd.conf' configuration file for Apache and edit it. Find the section of the configuration file that configures the options on the cgi-bin directory. It probably looks something like this:
<Directory "/home/httpd/cgi-bin"> AllowOverride None Options ExecCGI Order allow,deny Allow from all </Directory>Change the `AllowOverride' line to say
AllowOverride AuthConfigThis says that `.htaccess' files may override the authentication configuration settings for this directory and its subdirectories.
An alternative to using the `.htaccess' files would be to add into `httpd.conf' some new directory configuration blocks similar to the one above but for the `pw' and `adm' subdirectories. The commands in the `.htaccess' files would be put into these blocks instead.
(3) Restart Apache
Tell the currently running apache to reload its configuration file, so the new settings are activated. If your system has the `apachectl' program installed, do:
apachectl restartFor Redhat 6.1, which doesn't have `apachectl', do instead:
/etc/rc.d/init.d/httpd restart
(4) Test Authentication
If you aren't confident that you have Apache and the Backtalk authentication system all correctly installed, then you may want to run some tests by using your browser to run Backtalk's little cgitest script.
The URLs of the cgitest program will be
cgiurl/cgitestcgisuffix/foo?barFor example, if you configured cgiurl to http://your.host.name/cgi-bin/backtalk and did not set cgisuffix, then the URLs would be
cgiurl/pw/cgitestcgisuffix/foo?bar
cgiurl/adm/cgitestcgisuffix/foo?bar
http://your.host.name/cgi-bin/backtalk/cgitest/foo?barTry hitting these URLs with your browser.
http://your.host.name/cgi-bin/backtalk/pw/cgitest/foo?bar
http://your.host.name/cgi-bin/backtalk/adm/cgitest/foo?bar
The first URL is just to test that you can run CGI scripts and that your http server is vaguely sane. The output will look something like:
environment variables:If you instead only get an error message or no output at all, something is definitely wrong. The error messages displayed by the browser are often vague. Check the http server's error log for a more detailed message. If the cgitest program was not found, the log file will get the path name it looked at. Is the cgitest program there and correctly permitted? If it is looking under the document root, you may need to add a ScriptAlias for the `cgi-bin' directory (for Apache, this should be in the httpd.conf file.
HTTP_USER_AGENT=Mozilla/4.61 [en] (X11; I; Linux 2.2.12-20 i686)
PATH_INFO=/foo
PATH_TRANSLATED=/home/httpd/html/foo
QUERY_STRING=bar
REMOTE_ADDR=209.142.241.230
REMOTE_HOST=undefined
REMOTE_USER=undefined
SCRIPT_NAME=/cgi-bin/backtalk/cgitest
httpd id:
uid=99(nobody) gid=99(nobody) groups=99(nobody)
If you are seeing the contents of the cgitest program instead of its output, then Apache is not recognizing it as a CGI program and is just displaying the file instead of running it. Your server may be configured to require a .cgi suffix on CGI program files.
If it runs, you should confirm that
The second two URLs run the same test script, but authentication should be required for them. Your browser should pop up a login window, and the login ID 'cfadm' and the password you set during installation give you output similar to that shown above, except that REMOTE_USER should be 'cfadm'.
If you are not asked for authentication and REMOTE_USER is shown as undefined, then Apache is not recognizing the .htaccess file. Check that you have `AllowOverride AuthConfig' set for the cgi-bin directory.
Note that once you have authenticated, if you run the same program again, or another program in the same directory, you will not be asked to log in again. Your browser remembers your old authentication and automatically resends it. To log in as a different user, you need to exit and restart the browser. This is, in fact, the sole purpose of the `adm' subdirectory. With two links to Backtalk in directories with different AuthNames, it is possible for a person to be logged on simultaneously as two different users. This is especially useful for conference administrators, who may want to access the administration account without exiting their personal accounts. That's why the second directory is called `adm', though the link to Backtalk in there does not actually have any special administrative properties.