Mt Xia: Technical Consulting Group

Business Continuity / Disaster Recovery / High Availability
Data Center Automation / Audit Response / Audit Compliance

Current Location



digg Digg this page Post to
Slashdot Slashdot it!

Automated AIX Deployment
Reduce your DC costs

Business Web Site Hosting
$3.99 / month includes Tools,
Shopping Cart, Site Builder

kshAuth - Authentication and Authorization Interface for Apache 2.2+ Web Server

Version 0.2

Installation instructions for kshAuth


  • kshAuth is being installed on a system that currently has Korn Shell 93 installed at "/usr/bin/ksh93".
  • kshAuth is being installed on a system currently running Apache 2.2+.
  • A document directory called "htdocs" exists on your Apache 2.2+ web server.
  • The "htpasswd" command exists at the location "/usr/sbin/htpasswd2".


  • Problems have been observed attempting to run kshAuth with Apache 2.2+ where the apache binaries have been installed from an "rpm" archive. It is recommended that Apache 2.2+ be compiled from source code for best results.

The kshAuth Directory Based Authorization System is distributed as a gzipped tarball and normally has a name such as:


Where X.XX represents the version number.

To extract the utilities contained in the gzipped tarball - perform these tasks in the following order:

  1. Login to the system hosting the Apache 2.2+ web server as "root".
  2. Download the gzipped tarball into the "/tmp" directory of the system running the Apache 2.2+ web server, where it is to be installed.
  3. Change to the top level Apache directory, this will be the directory immediately above the "cgi-bin" and "htdocs" directories. The example used in the remainder of this installation guide will be "/usr/local/apache2".
  4. Extract the gzipped tarball using one of the following methods:

    cd /usr/local/apache2
    gzip -cd /tmp/kshAuth-X.XX.tar.gz | tar -xvf -


    cd /tmp
    gunzip /tmp/kshAuth-X.XX.tar.gz
    cd /usr/local/apache2
    tar -xvf /tmp/kshAuth-X.XX.tar

  5. Determine the user and group associated with the Apache "httpd" processes:

    egrep 'User|Group' /usr/local/apache2/conf/*.conf

    For example purposes, the user "daemon" and the group "daemon" will be used in the following steps. Substitute this example user and group with your actual user and group name.

  6. Change the owner and group of all kshAuth files to your "httpd" user and group, also set the permissions as shown.

    cd /usr/local/apache2
    chown -R daemon:daemon ./kshAuth
    chown -R daemon:daemon ./cgi-bin/kshAuth
    chown -R daemon:daemon ./htdocs/kshAuth
    chmod -R 775 ./kshAuth
    chmod -R 555 ./cgi-bin/kshAuth
    chmod -R 775 ./htdocs/kshAuth

    The "./kshAuth" and "./htdocs/kshAuth" directories require "write" permission so the utilities can create/modify/delete password protection information.

  7. Modify the "httpd.conf" file to allow options to be overridded by the contents of the ".htaccess" file. Change the "AllowOverride" directive to "All"

    AllowOverride All

  8. Restart the Apache 2.2+ web server to activate the configuration changes.
  9. Place all content to be password protected under the directory:


  10. Perform test by accessing the kshAuth Utilities page:


    Where "localhost" can be replaced by the name of your Apache web server.

If the directory administrator password does not work, you may need to regenerate the directory administrator password files. To do this, change directories into the top level kshAuth authorization directory and run the following commands:

cd  /usr/local/apache2/kshAuth
/usr/sbin/htpasswd2 -c -b -s .diradmin   admin  password
/usr/sbin/htpasswd2 -c -b -s .AID_admin  admin  password


Change Top Dir
Look and Feel

Automated AIX Deployment
Reduce your DC costs

Business Web Site Hosting
$3.99 / month includes Tools,
Shopping Cart, Site Builder