Questions tagged [authorization]
The authorization tag has no usage guidance.
167
questions
151
votes
5
answers
242k
views
What is the difference between authentication and authorization?
Basic question from a novice:
What is the difference between authentication and authorization?
34
votes
5
answers
99k
views
How do you force an update to a user's group membership in Windows 7?
I am writing a web application that uses .NET Windows Authentication and relies on a user's group membership to Authorize them to various areas of the website. Right now I'm on a dev machine that IS ...
19
votes
5
answers
40k
views
Kerberos Authentication for workstations not on domain
I have a base understanding of how Kerberos works in an Active Directory environment and the methods it uses to authenticate users and workstations onto the network, but my question is.. since ...
16
votes
4
answers
17k
views
Linux Central Authentication/Authorization Methods
I have a small but growing network of Linux servers. Ideally I'd like a central place to control User Access, change passwords, etc... I've read a lot about LDAP servers, but I'm still confused about ...
15
votes
2
answers
10k
views
Simple, centralized user management on a small LAN - NIS or LDAP?
I'm setting up a small LAN for my team. It will, for all intents and purposes, not be connected to any external networks. I would like it to have centralized control of user accounts (at least, I ...
10
votes
2
answers
48k
views
How to debug Samba authorization (authentication) procedure
I'm running a small home network linux-based server which acts as an internet router, torrent client and file server. I have problems connecting Windows clients to server Samba shares ('user name or ...
9
votes
2
answers
13k
views
Admin password of MariaDb doesn't seem to work
I've just installed MariaDb on a fresh Ubuntu Gnome and ran mysql_secure_installation afterwards where I set a decent admin password, removed the anonymous user etc.
Afterwards I realized some ...
9
votes
1
answer
5k
views
Mixing Subversion "SVNParentPath" and per-repository configurations?
Given a typical Subversion/Apache configuration using SVNParentPath, with repositories hosted
under /svn/ like this:
<Location /svn>
DAV svn
SVNParentPath /srv/source/svn/repos
...
9
votes
2
answers
8k
views
Connection error to mysql database
My application needs to do quite frequent connects to a mysql database on another machine. However I get frequent errors on connection; I can usually eventually connect but after many retries. The ...
8
votes
3
answers
403
views
Join ActiveDirectory (Win 2k8R2) to OpenDirectory(Snow Leopard)
The vast majority of questions and so on regarding the interoperability of Active and Open directories involves getting Mac clients to see an AD and auth against it.
What we'd like to do is get a ...
7
votes
4
answers
44k
views
How to allow a user in Nagios to view the status of some servers, but not disable/enable anything?
How to allow a user in Nagios to view the status of some servers, but not disable/enable anything?
6
votes
1
answer
2k
views
Started task in z/OS lacks RACF privileges
I wish to test a JDBC server implementation running under z/OS. The usual approach would be to define a JCL procedure and run this as a started task. The started task requires a user ID under which it ...
5
votes
3
answers
8k
views
LDAP: entries for services?
(Apologies if I've got the terminology wrong, I'm fairly new to LDAP)
I am setting up a local LDAP server (Apache Directory Server) with the following structure:
o={my organization name} [...
5
votes
1
answer
9k
views
Passing Authorization Basic Headers Along in Proxy
I am currently trying to get a reverse/forward proxy to pass along the authorization headers to the target server. How would I go abou this? I have already looked at the below sources, and one of the ...
5
votes
1
answer
13k
views
IIS 7 password protect folder and files
I am using IIS 7 and I would like sombody to tell me how to password protect a folder.
And how would you get the username and password dialog to show when someone tries to download a file in that ...
5
votes
1
answer
2k
views
How to tweak Gnome user elevation in RHEL/CentOS
So I am attempting to tweak the way GNOME authenticates a desktop user for privileged applications. Out of the box it asks for the root password. For my deployment this is undesirable and I want it ...
5
votes
1
answer
119
views
Multi-user bzr server
I'm currently investigating whether it is possible to serve bzr in a setup similar to what gitolite does for git. This means a single unix account, with different users managed via their ssh public ...
5
votes
0
answers
973
views
Samba authentication and LDAP
I have an OpenLDAP server that I use for authentication and authorization for various services.
All users are of object type inetOrgPerson and my groups are groupOfNames.
Now I want to configure ...
4
votes
2
answers
7k
views
How to whitelist Authorization header in CloudFront custom Origin Request Policy?
I have created the following CloudFront Origin Request Policy:
I need Authorization header (without Authorization header the AntiForgeryToken header is not forwarded) but I do not understand why ...
4
votes
2
answers
292
views
Can I set up application specific passwords on Ubuntu?
I've got a Ubuntu virtual server that I use for webhosting and other stuff. I've been thinking about moving mail onto it, but I'd like to secure it more against the threat of losing my smartphone. ...
4
votes
1
answer
661
views
Require membership of more than one group in Apache
I would like to be able to do this:
<LocationMatch ^/secret/(.+?)>
<Limit GET>
Require group member
</Limit>
<LimitExcept GET>
Require group member
Require ...
4
votes
1
answer
233
views
SVNParentPath directory authorization
The question is a bit stupid but I can't get it sorted. I have a server with SVN that uses the SVNPath directive in httpd.conf and all works fine with path authorizations. Now I'm installing a second ...
4
votes
1
answer
2k
views
Apache LDAP auth: denied all time
There is my config (httpd 2.4):
<AuthnProviderAlias ldap zzzldap>
LDAPReferrals Off
AuthLDAPURL "ldaps://ldap.zzz.com:636/o=zzz.com?uid?sub?(objectClass=*)"
AuthLDAPBindDN "uid=zzz,ou=...
4
votes
2
answers
1k
views
Active Directory, Linux, and User Private Groups
We're in the process of moving from NIS on our Linux systems to binding everything to Active Directory. The NIS environment follows the common standard used by many Linux distributions that a user's ...
3
votes
3
answers
1k
views
Centralized Authentication Method
I have more than 1000 Linux/Unix(Solaris) servers in my network and I want to implement some kind of centralized login server. So that I create users on one server and he can able to login on any of ...
3
votes
2
answers
121
views
Access rights escalation requiring multiple sysadmin authorisation
I was just wondering if there is a way to give a user root access escalation on a *nix system, kind of like sudo, but which requires more than one sysadmin authorisation. I am thinking of something ...
3
votes
1
answer
4k
views
Using Windows Server, how do I schedule an hourly task that will call a URL WITH an authorization header?
I need to schedule a task that will call a given url hourly. The URL doesn't return anything so it is fairly simple HOWEVER this URL requires an authorization header:
Authorization: Basic {SOME AUTH ...
3
votes
2
answers
295
views
Subversion authorization
I have installed Apache Subversion on my linux server under /var/svn
Currently we are doing two projects in our company with 2 groups:
The first group is using the Subversion under:
https://www....
3
votes
1
answer
1k
views
IIS 6 Denies access to the default document
I've got Windows Server 2k3 with IIS6 hosting a couple ASP.NET MVC 2 applications (.NET 4), all in the Default Web Site. Most of them simply use Integrated authentication, but a couple use forms as ...
3
votes
2
answers
4k
views
ISA or IIS removing HTTP Authorization header when published
I am developing web api by using Asp.Net WebApi (RC) and passing user credentials via http "Authorization" header. I am getting trouble on receiving "Authorization" http header on server side. I am ...
3
votes
1
answer
867
views
What's the advantage of using Grouper over AD or LDAP?
I'm reading the documentation on Grouper, but I can't for the life of me figure out what the benefit of grouper is over storing groups in AD or LDAP. Can anyone shed light?
3
votes
1
answer
11k
views
AuthorizedKeysCommand not getting executed
I'm trying to authorize SSH sessions using the AuthorizedKeysCommand in sshd_config. For some reason, the AuthorizedKeysCommand is not getting executed even though the SSH flow at least initiates the ...
3
votes
5
answers
4k
views
Active Directory Account locks for no apparent reason
I've been troubleshooting this problem for two years and it keeps coming back. Our Mac users authenticate to our Active Directory server which is running Windows Server 2008 Standard. One of the Mac ...
3
votes
1
answer
10k
views
nginx auth_request how to return backend status code
when the backend proxy used in auth_request returns an error code different from 401 or 403, nginx is returning a 500 error code.
The ngx_http_auth_request_module module (1.5.4+) implements client ...
3
votes
1
answer
587
views
Apache: Basic auth for root, host-restriction on directory
I want to restrict the access to my Apache HTTPD using basic auth for all files except those in a certain directory.
The following works fine for setting up basic auth for the whole server:
<...
3
votes
0
answers
51
views
Windows Server - Protect websites with AD user
My question is a bit tricky to explain :)
We have ASP.NET websites running on Windows Server 2012.
Some websites use SqlServer authentication, others use Windows authentication, some don't have any ...
3
votes
0
answers
2k
views
Jenkins - Project based authorization and LDAP
Does anybody know if the Project-based Matrix Authorization Strategy is supposed to work with LDAP integration?
There are several closed bug reports on JENKINS-2324 that say users don't need to have ...
2
votes
3
answers
11k
views
Quick way to password-protect Tomcat?
I'm looking for a quick way to protect a Tomcat instance and all webapps running on it, so that accessing any page requires credentials (simple username/passwd).
I guess Realm is the "proper" way to ...
2
votes
2
answers
25k
views
How can one allow or deny an ssh login for a specific user(s) or group(s) on an sshd server?
How can one allow or deny an ssh login for a specific user(s) or group(s) on an sshd server?
(I realize SE has similar questions, but not I could find any that address this specific point. All others ...
2
votes
2
answers
3k
views
ssh: allow all users for one IP, and restrict to one user for public IP
I have a server on a VPN. This server has a public address and has a gitlab instance on it.
I'd like to be able to connect with any ssh user from the VPN address, but restrict the access to the git ...
2
votes
1
answer
3k
views
Allow access to one directory when all others require authorisation
I have an Apache config that restricts access to to a website, using the following code -
<Directory /var/www/html/website/test/>
AuthName "Dyne Drewett Test Site"
AuthType ...
2
votes
1
answer
92
views
Resolve which public key user uses to access server
Is it possible to resolve, which public key is used to grant user access to a server?
For example, there are 5 public keys stored in ~/.ssh/authorized_keys file. I'd like to know which key has the ...
2
votes
3
answers
10k
views
How to keep Authentication header with redirect using NGINX ingress annotations
I have an nginx ingress controller for my kubernetes cluster. I have a need to add a permanent redirect to an ingress which I can successfully do with
nginx.ingress.kubernetes.io/permanent-redirect: "...
2
votes
1
answer
3k
views
Sudoers NOPASSWD how to grant access to a specific ln command
In /etc/sudoers I need to grant passwordless sudo for this command:
/usr/bin/env sudo ln -nfs /home/deployer/apps/myapp_staging/shared/config/nginx.conf /etc/nginx/sites-enabled/
to the deployer ...
2
votes
1
answer
451
views
trac ignores svn authorization settings
I am using VirtualSVN + Trac-plugin on Windows for multi-projects. I have configured users and groups in VirtualSVN, so that only authorized users/groups can access specified resource.
For instance: ...
2
votes
1
answer
2k
views
How to tell Apache to reply with 403 instead of 401?
We have some rules for a subtree of Locations, which involve Require-ing ldap-group and expr-s.
The user is duly challenged to supply login-credentials, which are verified.
However, even when the ...
2
votes
2
answers
4k
views
Add printer as domain user in Windows 7
In Windows 7, one has to have (local) administrator privileges to install a printer driver, even when this printer is installed from one of the domain servers.
The only 'solution' I've read so far is ...
2
votes
2
answers
2k
views
PAM dynamic LDAP Authorization with groups
At the moment my PAM is integrated through LDAP with a custom authentication stack in the /etc/pam.d/systhem-auth:
auth required pam_env.so
auth required pam_faildelay.so ...
2
votes
2
answers
10k
views
Authorization based on custom Header (Apache)
I have a service running behind a Apache Reverse-Proxy that uses the custom headers "username" and "role" to identify users and their role.
I want Apache HTTPD to restrict access to to people whose ...
2
votes
1
answer
225
views
Understanding AWS Cloudfront's origin access identifiers
I do not really understand the security behind AWS Cloudfront's OAI. The only thing it does is switch the bucket's domain.
Instead of accessing the bucket with https://s3.amazonaws.com/[Bucket]/* it ...