Skip to main content

Questions tagged [authorization]

The tag has no usage guidance.

Filter by
Sorted by
Tagged with
151 votes
5 answers
242k views

What is the difference between authentication and authorization?

Basic question from a novice: What is the difference between authentication and authorization?
user avatar
34 votes
5 answers
99k views

How do you force an update to a user's group membership in Windows 7?

I am writing a web application that uses .NET Windows Authentication and relies on a user's group membership to Authorize them to various areas of the website. Right now I'm on a dev machine that IS ...
kingdango's user avatar
  • 531
19 votes
5 answers
40k views

Kerberos Authentication for workstations not on domain

I have a base understanding of how Kerberos works in an Active Directory environment and the methods it uses to authenticate users and workstations onto the network, but my question is.. since ...
Eric's user avatar
  • 195
16 votes
4 answers
17k views

Linux Central Authentication/Authorization Methods

I have a small but growing network of Linux servers. Ideally I'd like a central place to control User Access, change passwords, etc... I've read a lot about LDAP servers, but I'm still confused about ...
Chris McBride's user avatar
15 votes
2 answers
10k views

Simple, centralized user management on a small LAN - NIS or LDAP?

I'm setting up a small LAN for my team. It will, for all intents and purposes, not be connected to any external networks. I would like it to have centralized control of user accounts (at least, I ...
einpoklum's user avatar
  • 1,744
10 votes
2 answers
48k views

How to debug Samba authorization (authentication) procedure

I'm running a small home network linux-based server which acts as an internet router, torrent client and file server. I have problems connecting Windows clients to server Samba shares ('user name or ...
mbaitoff's user avatar
  • 355
9 votes
2 answers
13k views

Admin password of MariaDb doesn't seem to work

I've just installed MariaDb on a fresh Ubuntu Gnome and ran mysql_secure_installation afterwards where I set a decent admin password, removed the anonymous user etc. Afterwards I realized some ...
suamikim's user avatar
  • 193
9 votes
1 answer
5k views

Mixing Subversion "SVNParentPath" and per-repository configurations?

Given a typical Subversion/Apache configuration using SVNParentPath, with repositories hosted under /svn/ like this: <Location /svn> DAV svn SVNParentPath /srv/source/svn/repos ...
larsks's user avatar
  • 45.6k
9 votes
2 answers
8k views

Connection error to mysql database

My application needs to do quite frequent connects to a mysql database on another machine. However I get frequent errors on connection; I can usually eventually connect but after many retries. The ...
Zitrax's user avatar
  • 804
8 votes
3 answers
403 views

Join ActiveDirectory (Win 2k8R2) to OpenDirectory(Snow Leopard)

The vast majority of questions and so on regarding the interoperability of Active and Open directories involves getting Mac clients to see an AD and auth against it. What we'd like to do is get a ...
Tom O'Connor's user avatar
  • 27.5k
7 votes
4 answers
44k views

How to allow a user in Nagios to view the status of some servers, but not disable/enable anything?

How to allow a user in Nagios to view the status of some servers, but not disable/enable anything?
Kazimieras Aliulis's user avatar
6 votes
1 answer
2k views

Started task in z/OS lacks RACF privileges

I wish to test a JDBC server implementation running under z/OS. The usual approach would be to define a JCL procedure and run this as a started task. The started task requires a user ID under which it ...
Achim Schmitz's user avatar
5 votes
3 answers
8k views

LDAP: entries for services?

(Apologies if I've got the terminology wrong, I'm fairly new to LDAP) I am setting up a local LDAP server (Apache Directory Server) with the following structure: o={my organization name} [...
Jason S's user avatar
  • 646
5 votes
1 answer
9k views

Passing Authorization Basic Headers Along in Proxy

I am currently trying to get a reverse/forward proxy to pass along the authorization headers to the target server. How would I go abou this? I have already looked at the below sources, and one of the ...
HSchmale's user avatar
  • 223
5 votes
1 answer
13k views

IIS 7 password protect folder and files

I am using IIS 7 and I would like sombody to tell me how to password protect a folder. And how would you get the username and password dialog to show when someone tries to download a file in that ...
shad's user avatar
  • 65
5 votes
1 answer
2k views

How to tweak Gnome user elevation in RHEL/CentOS

So I am attempting to tweak the way GNOME authenticates a desktop user for privileged applications. Out of the box it asks for the root password. For my deployment this is undesirable and I want it ...
ErebusBat's user avatar
  • 935
5 votes
1 answer
119 views

Multi-user bzr server

I'm currently investigating whether it is possible to serve bzr in a setup similar to what gitolite does for git. This means a single unix account, with different users managed via their ssh public ...
MvG's user avatar
  • 1,803
5 votes
0 answers
973 views

Samba authentication and LDAP

I have an OpenLDAP server that I use for authentication and authorization for various services. All users are of object type inetOrgPerson and my groups are groupOfNames. Now I want to configure ...
Chris's user avatar
  • 193
4 votes
2 answers
7k views

How to whitelist Authorization header in CloudFront custom Origin Request Policy?

I have created the following CloudFront Origin Request Policy: I need Authorization header (without Authorization header the AntiForgeryToken header is not forwarded) but I do not understand why ...
Hooman Bahreini's user avatar
4 votes
2 answers
292 views

Can I set up application specific passwords on Ubuntu?

I've got a Ubuntu virtual server that I use for webhosting and other stuff. I've been thinking about moving mail onto it, but I'd like to secure it more against the threat of losing my smartphone. ...
jldugger's user avatar
  • 14.5k
4 votes
1 answer
661 views

Require membership of more than one group in Apache

I would like to be able to do this: <LocationMatch ^/secret/(.+?)> <Limit GET> Require group member </Limit> <LimitExcept GET> Require group member Require ...
crb's user avatar
  • 8,008
4 votes
1 answer
233 views

SVNParentPath directory authorization

The question is a bit stupid but I can't get it sorted. I have a server with SVN that uses the SVNPath directive in httpd.conf and all works fine with path authorizations. Now I'm installing a second ...
James's user avatar
  • 203
4 votes
1 answer
2k views

Apache LDAP auth: denied all time

There is my config (httpd 2.4): <AuthnProviderAlias ldap zzzldap> LDAPReferrals Off AuthLDAPURL "ldaps://ldap.zzz.com:636/o=zzz.com?uid?sub?(objectClass=*)" AuthLDAPBindDN "uid=zzz,ou=...
Dee's user avatar
  • 81
4 votes
2 answers
1k views

Active Directory, Linux, and User Private Groups

We're in the process of moving from NIS on our Linux systems to binding everything to Active Directory. The NIS environment follows the common standard used by many Linux distributions that a user's ...
larsks's user avatar
  • 45.6k
3 votes
3 answers
1k views

Centralized Authentication Method

I have more than 1000 Linux/Unix(Solaris) servers in my network and I want to implement some kind of centralized login server. So that I create users on one server and he can able to login on any of ...
Ramesh Kumar's user avatar
  • 1,780
3 votes
2 answers
121 views

Access rights escalation requiring multiple sysadmin authorisation

I was just wondering if there is a way to give a user root access escalation on a *nix system, kind of like sudo, but which requires more than one sysadmin authorisation. I am thinking of something ...
sybreon's user avatar
  • 7,415
3 votes
1 answer
4k views

Using Windows Server, how do I schedule an hourly task that will call a URL WITH an authorization header?

I need to schedule a task that will call a given url hourly. The URL doesn't return anything so it is fairly simple HOWEVER this URL requires an authorization header: Authorization: Basic {SOME AUTH ...
Matt Cashatt's user avatar
3 votes
2 answers
295 views

Subversion authorization

I have installed Apache Subversion on my linux server under /var/svn Currently we are doing two projects in our company with 2 groups: The first group is using the Subversion under: https://www....
Karthick88it's user avatar
3 votes
1 answer
1k views

IIS 6 Denies access to the default document

I've got Windows Server 2k3 with IIS6 hosting a couple ASP.NET MVC 2 applications (.NET 4), all in the Default Web Site. Most of them simply use Integrated authentication, but a couple use forms as ...
yoozer8's user avatar
  • 322
3 votes
2 answers
4k views

ISA or IIS removing HTTP Authorization header when published

I am developing web api by using Asp.Net WebApi (RC) and passing user credentials via http "Authorization" header. I am getting trouble on receiving "Authorization" http header on server side. I am ...
user1589040's user avatar
3 votes
1 answer
867 views

What's the advantage of using Grouper over AD or LDAP?

I'm reading the documentation on Grouper, but I can't for the life of me figure out what the benefit of grouper is over storing groups in AD or LDAP. Can anyone shed light?
jldugger's user avatar
  • 14.5k
3 votes
1 answer
11k views

AuthorizedKeysCommand not getting executed

I'm trying to authorize SSH sessions using the AuthorizedKeysCommand in sshd_config. For some reason, the AuthorizedKeysCommand is not getting executed even though the SSH flow at least initiates the ...
shine's user avatar
  • 69
3 votes
5 answers
4k views

Active Directory Account locks for no apparent reason

I've been troubleshooting this problem for two years and it keeps coming back. Our Mac users authenticate to our Active Directory server which is running Windows Server 2008 Standard. One of the Mac ...
Kent's user avatar
  • 131
3 votes
1 answer
10k views

nginx auth_request how to return backend status code

when the backend proxy used in auth_request returns an error code different from 401 or 403, nginx is returning a 500 error code. The ngx_http_auth_request_module module (1.5.4+) implements client ...
jobou's user avatar
  • 193
3 votes
1 answer
587 views

Apache: Basic auth for root, host-restriction on directory

I want to restrict the access to my Apache HTTPD using basic auth for all files except those in a certain directory. The following works fine for setting up basic auth for the whole server: <...
Florian Brucker's user avatar
3 votes
0 answers
51 views

Windows Server - Protect websites with AD user

My question is a bit tricky to explain :) We have ASP.NET websites running on Windows Server 2012. Some websites use SqlServer authentication, others use Windows authentication, some don't have any ...
šljaker's user avatar
  • 129
3 votes
0 answers
2k views

Jenkins - Project based authorization and LDAP

Does anybody know if the Project-based Matrix Authorization Strategy is supposed to work with LDAP integration? There are several closed bug reports on JENKINS-2324 that say users don't need to have ...
quickshiftin's user avatar
  • 2,195
2 votes
3 answers
11k views

Quick way to password-protect Tomcat?

I'm looking for a quick way to protect a Tomcat instance and all webapps running on it, so that accessing any page requires credentials (simple username/passwd). I guess Realm is the "proper" way to ...
Jonik's user avatar
  • 3,061
2 votes
2 answers
25k views

How can one allow or deny an ssh login for a specific user(s) or group(s) on an sshd server?

How can one allow or deny an ssh login for a specific user(s) or group(s) on an sshd server? (I realize SE has similar questions, but not I could find any that address this specific point. All others ...
Johnny Utahh's user avatar
2 votes
2 answers
3k views

ssh: allow all users for one IP, and restrict to one user for public IP

I have a server on a VPN. This server has a public address and has a gitlab instance on it. I'd like to be able to connect with any ssh user from the VPN address, but restrict the access to the git ...
greg0ire's user avatar
  • 316
2 votes
1 answer
3k views

Allow access to one directory when all others require authorisation

I have an Apache config that restricts access to to a website, using the following code - <Directory /var/www/html/website/test/> AuthName "Dyne Drewett Test Site" AuthType ...
David Gard's user avatar
2 votes
1 answer
92 views

Resolve which public key user uses to access server

Is it possible to resolve, which public key is used to grant user access to a server? For example, there are 5 public keys stored in ~/.ssh/authorized_keys file. I'd like to know which key has the ...
hsz's user avatar
  • 259
2 votes
3 answers
10k views

How to keep Authentication header with redirect using NGINX ingress annotations

I have an nginx ingress controller for my kubernetes cluster. I have a need to add a permanent redirect to an ingress which I can successfully do with nginx.ingress.kubernetes.io/permanent-redirect: "...
G. Ball's user avatar
  • 131
2 votes
1 answer
3k views

Sudoers NOPASSWD how to grant access to a specific ln command

In /etc/sudoers I need to grant passwordless sudo for this command: /usr/bin/env sudo ln -nfs /home/deployer/apps/myapp_staging/shared/config/nginx.conf /etc/nginx/sites-enabled/ to the deployer ...
Darme's user avatar
  • 253
2 votes
1 answer
451 views

trac ignores svn authorization settings

I am using VirtualSVN + Trac-plugin on Windows for multi-projects. I have configured users and groups in VirtualSVN, so that only authorized users/groups can access specified resource. For instance: ...
stanleyxu2005's user avatar
2 votes
1 answer
2k views

How to tell Apache to reply with 403 instead of 401?

We have some rules for a subtree of Locations, which involve Require-ing ldap-group and expr-s. The user is duly challenged to supply login-credentials, which are verified. However, even when the ...
Mikhail T.'s user avatar
  • 2,411
2 votes
2 answers
4k views

Add printer as domain user in Windows 7

In Windows 7, one has to have (local) administrator privileges to install a printer driver, even when this printer is installed from one of the domain servers. The only 'solution' I've read so far is ...
jao's user avatar
  • 391
2 votes
2 answers
2k views

PAM dynamic LDAP Authorization with groups

At the moment my PAM is integrated through LDAP with a custom authentication stack in the /etc/pam.d/systhem-auth: auth required pam_env.so auth required pam_faildelay.so ...
LucaP's user avatar
  • 71
2 votes
2 answers
10k views

Authorization based on custom Header (Apache)

I have a service running behind a Apache Reverse-Proxy that uses the custom headers "username" and "role" to identify users and their role. I want Apache HTTPD to restrict access to to people whose ...
juo's user avatar
  • 33
2 votes
1 answer
225 views

Understanding AWS Cloudfront's origin access identifiers

I do not really understand the security behind AWS Cloudfront's OAI. The only thing it does is switch the bucket's domain. Instead of accessing the bucket with https://s3.amazonaws.com/[Bucket]/* it ...
Zaid Amir's user avatar
  • 179