How to use PennKey accounts for authentication
Penn Weblogin (CoSign) is available for PennKey authentication. Penn Weblogin works on the following domains:
Note that it must be accessed via https://. Trying to access protected directories over http:// will return an error.
Create your .htaccess file
- Create a new file called ".htaccess" using your favorite text editor.
- The file should contain something similar to this:
Require user clifford marilyn
- Save the file and upload it to the directory you want to protect using your favorite FTP client (more info).
- Make sure your .htaccess file is readable by the web server. In most cases this will mean making it world readable (more info on changing permissions). For extra security, run the "chgrp-httpd" command mentioned below to give the web server read access to the directory while preventing anyone else from seeing into it.
Note: If you are comfortable using vi or emacs on the command line, it may be easier to create the file directly on the server.
Setting the directory permissions
Note: it is not advisable to use the chgrp-httpd script if you are protecting files in your CGI directory. Instead, chmod the protected directory to 711.
This final step is important to make make sure people with local accounts can't access your files via the unix file system. Set the correct permissions on your protected folder by running the following command from within the directory you want to protect:
Note: chgrp-httpd will only run on Eniac.
To let anyone with a valid PennKey account access the directory, use this:
After you have your '.htaccess' file in place, visitors will be prompted to login with their PennKey before your page loads. You can access the user's PennKey in your code via the Apache server-side 'REMOTE_USER' variable. For example, to print the authenicated user's PennKey using PHP, you can use somehting like:
Note: PennKeys are intended for authentication, not authorization, and are not restricted to any well defined group of people. They can be thought of as including everyone affiliated with Penn, plus people who were recently affiliated with Penn. "Affiliated" may include alums, spouses and children of faculty/staff, colleagues of Penn faculty, contractors and consultants, people who attended events on Penn campus, etc.
For more options of things to do with your htaccess file, please visit Apache's site.