Configuring a Password File for Authentication in PTC HTTP Server

Installation and Upgrade > Installation and Configuration Guide > Advanced Configurations > Configuring HTTP Server and Embedded Servlet Engine With Other Options > Configuring a Password File for Authentication in PTC HTTP Server

Although LDAP is a preferred means of password management as compared to using a password file, there are cases where the use of a supplementary password file is appropriate.

One example where a password file is useful is when a read-only LDAP directory (for example, a corporate directory) is used as the primary basis of authentication and some pseudo-users such as system administration are desired. Info*Engine can easily access information from multiple LDAP directories, but typical Web servers do not provide a means to authenticate a single resource (URL) using information in multiple LDAP directories. A solution to this issue is to define passwords for the few pseudo-users in a password file and point HTTP Server at the corporate LDAP for the remaining corporate users. HTTP Server can access information from multiple LDAP directories, but it is still possible to configure it to use a password file, if necessary.

Perform the following:

1. Execute the following :

HTTP Server

ant -f webAppConfig.xml addAuthProvider -DappName=<Web
application name> -DproviderName=<provider name for password
file>

For example,

ant -f webAppConfig.xml addAuthProvider -DappName=Windchill

2. Execute one of the following from <Apache_Home>/bin:

◦ If you are creating a password for the first time:

./htpasswd -c <Apache_Home>/conf/app-<webapp_name>-Passwd <username> <password>

◦ If you are creating a password for the second or subsequent time:

./htpasswd -b <Apache_Home>/conf/app-<webapp_name>-Passwd <username> <password>

For example,

./htpasswd -c /opt/hpws/apache/conf/app-Windchill-Passwd my_username my_password

3. By default the web server user may not have permissions to access <Apache_Home>/conf, the default directory for which the password file is configured. In order to allow the password file to be readable by the Apache process, the conf directory and the app-<webapp_name>-Passwd file must both be accessible to the web server user.

Make both the conf directory and the app-<webapp_name>-Passwd file accessible to the Apache user by doing one of the following:

◦ Change the permissions on the <Apache_Home>/conf directory and the app-<webapp_name>-Passwd file so the user ID the web server runs as has both read and execute permission.

◦ Change the group that Apache runs as to something Apache-specific, change the group ownership on <Apache_Home>/conf and the app-<webapp_name>-Passwd file to that group, and ensure that the group has access to <Apache_Home>/conf and the app-<webapp_name>-Passwd file.