Since school districts have hundreds of employees, it is easier to tap into
an already existing password file, rather than have the staff create new
usernames and passwords to use the homepage script. On our Linux server I
use the built-in htaccess feature to handle the authentication. The
htaccess file protects the folder holding the script. When a teacher tries
to access the script, htaccess prompts them for a username and password. I
then have configured the htaccess file to look at the already existing
password file on the server (which is also used for their email accounts)
and it authenticates them.
[...]
What I am wondering is if there is some kind of built-in authentication for
OSX. If so, where can I get more information on it? Does it sound like I
will be able to use it as I have done with the other operating systems (that
is point it to some already existing username/password system)?
OSX stores all user and password data (and a lot of other stuff) in the Netinfo
Manager database. You can export and import the data in standard unix format if
you wish though - see the manpages of nidump and niload for this.
If you're using a version prior Panther you can always get the complete passwd file with the command 'nidump passwd . >passwd' and use it for authentication.
As of 10.3.x (Panther) shadowed passwords are used, see http://www.macos.utah.edu/Documentation/macosx/security/passwd.html for more information about that.
Another hint might be the use of LDAP for authentication: http://www.macosxhints.com/article.php?story=20020902075936558
If that does not work, I also understand that Apache can be set up on an OSX
server. Is this correct? Would that be a reasonable solution to the
authentication problem, since then I could use htaccess as before?
Apache comes preinstalled - you can start it simply via the System Preferences
menu by selecting Sharing and turning on Personal Web Sharing. The configuration
is found in /etc/httpd/httpd.conf.
If it is an option to you, use the standard .htaccess mechanism and use htpasswd
for maintainance of the password file. See
http://httpd.apache.org/docs/programs/htpasswd.html
for more information about that.
HTH, Florian
