Course Outline

Offered by Networked Information Services

Instructor: Joe Winter (jwinter@bu.edu) or George Gaudette (gaudette@bu.edu)
Prerequisites: HTML: Introduction or equivalent knowledge. Dreamweaver: Introduction and an account on people.bu.edu, or access to a site on www.bu.edu, is recommended.
2 hours (45 minutes lecture, 60 minutes hands-on exercises, 5-minute break)

Introduction (10 minutes)

  1. Why restrict access?
  2. Format of the .htaccess file for restricting access to directories and subdirectories
  3. Supported software for editing .htaccess files
  4. Supported browsers for authenticating at BU

Hands-on exercise: Touring restricted directories (5 minutes)

  1. Browse to your practice account site on the Web using Internet Explorer or Netscape.
  2. Using your BU login name and Kerberos password, attempt to authenticate to restricted directories in your practice site, noting where authenticating succeeds and fails.

Options (5 minutes)

  1. BU Community
  2. BU Departments
  3. BU Status
  4. BU Individuals
  5. Specific Individuals Worldwide

Note: You can combine several options from the list above. However, you cannot combine the option for restricting access to specific individuals worldwide with any other option.

Hands-on exercise: Downloading and reviewing .htaccess files (15 minutes)

  1. Connect to your practice site with Dreamweaver, using the practice account login name and password.
  2. Download the practice site.
  3. Set Dreamweaver's File Types preferences so that Dreamweaver opens .htaccess files.
  4. Open and review the format of an .htaccess file.
  5. If time permits, review other .htaccess files you downloaded from your practice site.

BU community option (5 minutes)

  1. The Kerberos method allows anyone with a BU login name and Kerberos password.
  2. The Domain method allows anyone using a computer on the BU network, including Dialup service.
  3. Combining the Kerberos and Domain methods is usually best.

Hands-on exercise: Restricting to BU community (10 minutes)

  1. Create an .htaccess file to restrict access to a practice directory so that any valid BU login name is allowed access.
  2. Upload the file to a practice directory and test it using your BU login name and Kerberos password.
  3. Modify the file you created previously to allow access from the BU network.
  4. Restart your browser and test.

BU departments option (5 minutes)

  1. Allows members of any specified BU departments
  2. Departments determined by department ID (searchable in BU Directory)

Hands-on exercise: Restricting to specific BU departments (5 minutes)

  1. Look up your department ID in the BU Directory.
  2. Create and save an .htaccess file that allows only users who share your department ID.
  3. Upload it to a practice directory and test, using your BU login name and Kerberos password.
  4. Close and restart your browser and test access again using the practice account login name and password.

Break (5 minutes)

BU status option (5 minutes)

  1. Allows anyone matching a specified BU status or substatus
  2. Status: student, faculty, staff, guest
  3. Substatus: research scientist, administrative staff, campus police staff, Building and Grounds staff, registered student

Hands-on exercise: Restricting to specific BU status (5 minutes)

  1. Create a new .htaccess file to restrict access by BU status.
  2. Upload the modified file to the practice site.
  3. Restart your browser and test using your BU login name and Kerberos password.

BU individuals option (5 minutes)

  1. Allows only specific BU login names
  2. Not practical for a large number of individuals

Hands-on exercise: Restricting to specific BU individuals, combining options (10 minutes)

  1. Open the .htaccess file you used for restricting by BU status and modify it to include access for the practice account login name.
  2. Save your modified file, upload it to a practice directory, restart your browser, and test using the practice account login.
  3. Continue experimenting as time permits. For instance, add your department ID and change the allowed status so that it no longer matches your status. Then save, upload, and test using your BU login name and Kerberos password (restart your browser as necessary).

Specific individuals worldwide option (10 minutes)

  1. This option allows access for anyone by means of non-BU, non-Kerberos login names & passwords (AuthType Basic). It cannot be combined with other options.
  2. Format of .htaccess file differs from that of other methods: no <limit> tag, requires a path to a password file, and requires a description for the login box.
  3. Requires that you create, record, and distribute login names and passwords
  4. Requires using a command-line program on acs3.bu.edu to generate passwords and to allow the server to access the password file.
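
The format requirements listed above can be checked before a file is uploaded. The following is an added example, not part of the course materials: it assumes the standard Apache directive names (AuthName for the login box description, AuthUserFile for the password file path), and the sample files, paths and issue codes are constructed for illustration.

```python
import re

# Constructed sample: a Basic-auth .htaccess (realm and path are made up).
GOOD = """AuthType Basic
AuthName "Project Files"
AuthUserFile /home/example/private/.htpasswd
Require valid-user
"""

# Constructed sample with the format mistakes the outline calls out.
BAD = """AuthType Basic
AuthUserFile .htpasswd
<Limit GET POST>
Require valid-user
</Limit>
"""

def parse(text):
    """Return (directives keyed by lowercase name, names of opened sections)."""
    directives, sections = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("<"):
            opening = re.match(r"<\s*(\w+)", line)  # closing tags do not match
            if opening:
                sections.append(opening.group(1).lower())
            continue
        parts = line.split(None, 1)
        value = parts[1] if len(parts) > 1 else ""
        directives[parts[0].lower()] = value.strip().strip('"')
    return directives, sections

def check(text):
    """Return issue codes (hypothetical names) for a Basic-auth .htaccess."""
    d, sections = parse(text)
    problems = []
    if d.get("authtype", "").lower() != "basic":
        problems.append("authtype-not-basic")
    if not d.get("authname"):            # description shown in the login box
        problems.append("missing-authname")
    userfile = d.get("authuserfile", "")
    if not userfile:
        problems.append("missing-authuserfile")
    elif not userfile.startswith("/"):   # Apache resolves relative paths against ServerRoot
        problems.append("relative-authuserfile")
    if "require" not in d:
        problems.append("missing-require")
    if "limit" in sections:              # this format uses no <limit> tag
        problems.append("limit-section")
    return problems
```

In stock Apache, a `<Limit>` section applies its restrictions only to the HTTP methods it names, which is one reason to keep it out of a Basic-auth file.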

Hands-on exercise: Restricting to specific individuals worldwide (10 minutes)

  1. Create and save an .htaccess file to allow access to individuals worldwide.
  2. Upload the .htaccess file to your practice site.
  3. Telnet to acs3.bu.edu to generate passwords for your login names.
  4. Check the contents of the directory to confirm that a password file was generated.
  5. Set the permissions correctly for the directory.
  6. Test web access to the restricted directory using the login name and password you invented.


Supplementary Information: Summary of preparation and steps (not covered during class)

  1. Choose from options for restricting access.
  2. Obtain Tools: You can configure Dreamweaver to be a convenient platform for working on access-restricted sites. Otherwise, you will need a text editor (we recommend Notepad for Windows, BBEdit for Mac) and an FTP program such as AbsoluteFTP (Windows) or Fetch (Mac). For AuthType Basic, you will need to use Telnet or SSH for command line access.
  3. Obtain information: If you're specifying individuals or departments who are allowed access, you'll need login names, BU status, department IDs, or all of these.
  4. Follow steps for restricting access with options that use BU login names and Kerberos passwords for authentication or steps for restricting access to specific individuals worldwide.

NIS  |  OIT  |  Boston University  |   January 2, 2007