on Research into Strategies for Implementation of Seamless Access for Saskatchewan
User Authentication in Libraries
"Libproxy is a simple rewriting
pass-through proxy system designed especially for libraries." Written by
Richard L. Goerwitz III. Also includes an overview of other available
remote authentication methods.
Connections: Remote Users and Licensed Resources
Powerpoint slides from a presentation
by Leslie Diaz and Steve Hunt at the California Library Association Annual
Conference, Nov 5, 2001, Long Beach, Calif.
Presentations by Linda Winters,
Leslie Diaz and Steve Hunt at a CCL/CLA-Academic Section sponsored workshop,
held Friday, March 9, 2001 at Santa Ana College; Friday, March 16
at Laney College.
You Who You Say You Are?
Network Access Management in California
Community College Libraries. Prepared for the Glendale Community College
Library by Nancy Hunt-Coffey. Also available in PDF
- remote access
Authenticating off-campus users
to provide access to licensed databases. APLA conference session - June
2, 2001, Charlottetown, Prince Edward Island.
Authentication Concertation Day
Presentations from a concertation
day looking at issues surrounding authentication. The eLib Authentication
Concertation day took place at SOAS in London on 10th March, 1999. The
Electronic Libraries Programme (eLib) is funded by the Joint Information
Systems Committee (JISC)
Off-Net Access to Commercial Library Resources
By Mark Sheehan and Allen Porter.
This article was published in CAUSE/EFFECT journal, Volume 22 Number 2
of Access to Networked Information Resources (User Authentication)
Proposal by Council of Australian
University Libraries and Council of Australian University Libraries. The
aim of the proposal is to provide a common means of authentication and
authorisation to provide researchers with single signon access to a range
of networked information resources, independent of the researcher's location
and means of access to the network.
Servers in Libraries
Slides from presentations at LITA
Regional Institutes, results from a survey of web proxy servers in libraries,
and a solutions page, all by Peter Murray, Computer Services Librarian,
University of Connecticut School of Law.
URLs for Patron Access to Premium Databases
Discussion of use of scripts for
login and use of referral URLs as well as information of the approaches
favored by several database vendors.
Proxy Servers - Presentation to Spring 1999 CNI Meeting
Using Proxy Servers to Provide Authenticated
Access to Web Resources. By Jonathan Esterhazy, University of Manitoba
Libraries. See also his proxy-paper.pdf
Scripts for Access to Commercial Web Servers
Remote access authorization for
commercial databases requiring IP validation and username/password validation
-- Lynx URL rewriter in use at Texas Christian University, by Kerry Bouchard.
for Patron Remote Access to Electronic Resources
Powerpoint presentation and links
to code and examples. Presented at DRA Users' Conference, March 2000, by
Access to Licensed Databases for Remote Library Users
How Dan Lester does things right
at Boise State University.
a National Access Management System for Electronic Services
Article from D-Lib Magazine,
March 1998 by Norman Wiseman, University of Nottingham.
Complexity of Accessing Electronic Licensed Resources Using the WWW
Prepared by Linda Suk-Ling Murphy,
Health Sciences & Electronic Resources Librarian, University of California-Irvine,
Medical Center Library.
A Multithreaded HTTP Relay Server
A relay server that can ensure session
control for the basically stateless HTTP protocol and establish connections
with a designated remote database web server on behalf of library patrons,
with authentication. Code available on request from the author, Peter Zhang
of the University of Calgary.
project fact sheet
People & Resources Identification
for Distributed Environments (PRIDE) will develop a broker service to support
the identification and delivery of information services over the Global
Information Infrastructure (GII). The resulting PRIDE directory service
will support authorisation, registration and cost recovery, plus integration
with other interfaces to library services which are essential in networked
service scenarios. A project of the Telematics for Libraries Programme
of the European Commission.
Issues for the Library Information Environment: Background and Technologies
A Powerpoint presentation, Vanderbilt
University, July, 1998.
Authentication and Authorization on the Web
Presentation from a Canadian Library
Association Preconference workshop, June 1998
Web Proxy Services Overview
Case Western Reserve University
Library presentation at the Innovative User's Group; 2-5 May 1998, by Peter
Murray, Library Systems Manager. Includes Perl scripts.
'98 Authentication & Security
Slides from a presentation at Access
'98, Oct. 2-4, 1998, Saskatoon, Saskatchewan, by George Machovec, Technical
Director, Colorado Association of Research Libraries. Also available
as a PPT
in Your Nighty
Discussion of authentication tools
from the Internet Librarian column in American Libraries, by Karen G. Schneider.
Security/Authentication Issues in
the CIC Virtual Electronic Library. Outlines the major network security
and authentication issues related to the CIC Virtual Electronic Library.
CIC is the academic consortium of the Big Ten universities and the
University of Chicago.
Authentication and Authorization in a Networked Library Environment
By George Machovec, Technical Coordinator,
Colorado Alliance of Research Libraries, November 1997.
The aim of the TOLIMAC project was
to develop a smartcard-based system for controlling access and managing
payment of electronic information products and networked services in a
library environment. Final Report of the TOLIMAC project (Total Library
Management Concept) which was funded under the Fourth Framework programme
Telematics for Libraries of the Commission of the European Communities
DGXIII. The project started on 16 October 1996 and ended on 15 June 1999.
Controlled Access to Network Digital Libraries in Europe
"The CANDLE Project will develop
an access management system for electronic journals to be used in libraries.
Features of the system will be: 1. Role based access control 2. Single
sign on 3. Subscription management 4. Detailed usage statistics"
Prepared by Darlene Fichter, Northern
Lights Internet Solutions Ltd. January 21, 1999.
Collection of Resources on Authentication
By Tom Klinger at Kent State University.
Catalogue of internet resources
on authentication from
& Authorization: a guide
Includes a resource directory, links
to twelve key studies, information on projects and initiatives and archived
discussions of the
authentication mailing list. The site is
maintained by Andrew Cox, researcher on the JTAP funded (627) Candle -
Athens Integration Project.
Library Authentication and Authorization Architecture
"Under DLF auspices, the California
Digital Library, Columbia University, JSTOR, and OCLC have developed a
protocol that enables an information resource provider to verify that a
user bearing a digital certificate has authority from a home institution
to use a requested resource. The prototype system developed combines the
use of X.509 digital certificates for authentication with a directory service
providing authorization to licensed resources based on user attributes."
See also this.
Progress in the UK
"A sound authentication system is
recognised to be a fundamental requirement of a distributed electronic
resource, and development of a suitable system is a high priority in the
UK. This paper describes the JISC's activities in the authentication field"
Progress in the US
"The growth in online services is
increasing the demand for authentication systems to manage access and improve
security for network users and network service providers. The paper provides
an overview of issues which are currently arising in the United States
in the area of authentication."
Authentication, and Authorization: Bibliography
Bibliography with links, compiled
by Keith Powell and Wayne Jones, from a presentation at the American Library
Association, Annual Conference, New Orleans, LA, June 27, 1999.
Access & Authentication
Slides from a presentation by Wally
Grotophorst, George Mason University, Dec. 9, 1997.
policies for access management
By William Yeo Arms, Corporation
for National Research Initiatives, Reston, Virginia. An article from
D-Lib Magazine, February 1998.
Proxying as a Solution to the Off-Site Web-Access Problem
This report outlines a simple solution
to the universal academic problem of off-campus access to on-campus (IP
restricted) Web-based resources. This solution costs little; requires
no special client software; works with a variety of authentication methods;
allows fine-grained control over what services can be accessed; and offers
both reasonable security and speed. By Richard Goerwitz, Brown University
Scholarly Technology Group, Providence, Rhode Island. Earlier versions
of this paper can be found
Digital Library Contents and Users Assuring Convenient Security and Data
By H. M. Gladney and J. B. Lotspiech,
IBM Almaden Research Center, San Jose, California. An article from
D-Lib Magazine, May 1999.
Authentication at Public Internet Terminals: Who Is Doing It?
A non-scientific email survey performed
by Eric Schnell (firstname.lastname@example.org) Last Updated: Friday September 04 1998.
SSSIG MIDWINTER 1999
Got Milk? Got Cookies? Got Authentication?
Management of Web-based Services An Incremental Approach to Cross-organizational
Authentication and Authorization
By Ariel Glenn and David Millman,
Columbia University, New York, New York. An article from D-Lib Magazine,
Authentication and Authorization for JSTOR
By Ira H. Fuchs, Chief Scientist,
JSTOR, Vice President for Computing and Information Technology, Princeton
University, September 3, 1998. See also JSTOR
Library WWW Servers
Libweb currently lists over 5500
pages from libraries in over 100 countries. Maintained by Thomas Dowling.
Useful for seeing how other libraries
have presented remote access authentication and resources to their users.
LibDex - the Library
Libdex is a worldwide directory
of library homepages, web-based OPACs, Friends of the
Library pages, and library e-commerce affiliate links. Currently
includes over 16,000 libraries. Edited and compiled by Peter Scott.
Useful for seeing how other libraries
have presented remote access authentication and resources to their users.
Search: library "off campus" database OR databases
Search: library proxy
A more efficient way to see what
other libraries are saying to their users about remote access.
Information on authentication for
Online Access and Authentication Policies
Information on authentication for
Academic Universe RPA
Getting Started with Remote Patron
University Authentication Projects
Information on a UCLA project to
authenticate users for access to network resources
Authentication projects at University
of California, Columbia University, University of Colorado, Boulder.
The aim of the University of California
Common Authentication Project (UCCAP) is to produce a UC Common Authentication
a UW Authentication & Authorization Infrastructure
Slides from a presentation at the
University of Washington, May 26, 1999.
in UK Higher Education Conference November 2nd 1999
Powerpoint presentations and links
from the Conference held at the Policy Studies Institute, London.
for Authentication, Authorisation and Privacy in Higher Education
Findings from the first stage of
the Study into the Requirements for Authentication, Authorisation and Privacy
in Higher Education, by John Leach.
University User Registration & Certificate Issuing System
JTAP-595. Leeds University Computing
Service and Leeds University Teaching & Learning Support Unit.
Proposal for Implementation at the
University of Connecticut Computer Information Systems, University
Computer Center, November 1997. See especially Appendix:
University Library Authentication Requirements
- University of Virginia Authorizing Proxy Server
Protected access to licensed resources
for authorized users, on-campus and off- A project at the University
of Virginia using Squid, MySQL and Perl for authentication access to resources.
A Model for an Enterprise-wide User
Authentication Service. January 18, 1998, April 8, 1998. By Michael
Grobe, Academic Computing Services, The University of Kansas. This document
discusses several aspects of user authentication for access to various
networked services at the University of Kansas.
Purpose: to define different levels
of information and associated access rights that will allow for an organized
growth of Intranet and Internet content at Embry-Riddle and standardize
on a limited set of authentication mechanisms to reduce administrative
overhead and improve usability of the web site.
University of Waterloo project for
identification and authentication. See Web/ID-AUTH:
Project Goals for a library-related component of this project.
CIC Authentication and Authorization Project (TRICAAP)
"TRICAAP will be used to demonstrate
an architecture which provides for security of content across multiple
environments and enables secure inter-institutional interaction without
dictating a specific technology implementation."
authentication on ColumbiaWeb
Documentation for Columbia University
authentication applications CHEESE, a script-based form of authentication,
and CheeseWhiz, which relies on the regular HTTP protocol.
Project at UC Berkeley to investigate
secure authentication of university community members for access to web
on Authentication and Web security
Reports prepared for the UK Joint
Information Systems Committee (JISC) on technologies to support authentication
in higher education. Including Technologies
to Support Authentication in Higher Education, Implementation
of JANET authentication and encryption services and Web
"EZproxy provides the easiest way
for libraries to extend web-based licensed databases to their remote users."
Obvia Remote Database
"The Complete Solution for all your
Remote Authentication Needs" A turnkey product for remote access
An integrated remote patron authentication
solution from EpixTech (formerly Ameritech) for customers of their Horizon,
Dynix, NOTIS LMS, and KeyNOTIS systems.
Athens - Access
"ATHENS is an authentication system
which allows control of access to online resources. ATHENS has been available
since early summer 1995 and is currently in use at over 2000 sites in the
Clarity is a web proxy based on
Authentication with AuthentiX
"Form-based or 100% cookie-free
'Basic Authentication' website protection while keeping your NT users names
and passwords private. Protect all files, not just ASP pages. Validate
against internal database, text file or external ODBC datasource."
Servers and You
Proxy servers work as a helpful
"middleman" or broker between you and your Internet connection. Although
a few people feel that proxy servers detract from the wide-open nature
of the Web -- and proxies do have their issues -- this type of Web server
provides some very useful networking functions.
to the WEB Proxy Server Information Page
What web proxy servers are and how
they work. The different types of proxies, and what they accomplish.
What proxies do and how do they do it.
Proxy Server Overview. Although
proxy servers have been around for a long time (since the early days of
the WAN), the Internet has transformed them. Where they were once an esoteric
server found in only the largest corporations, they are now a critical
component of all but the smallest organizations with an Internet connection
(and these days some can even be found in private homes).
Client Autoconfig File Format
Describes the format for Proxy Auto-Config
Search: library proxy.pac
Want to see other libraries' proxy.pac
files? Enter the proxy.pac URL then open the file in Wordpad for
best results. This works in IE 5.5; Netscape 4.7 sends an error message
about an unrequested proxy configuration file.
A script written by Niall Doherty
that dynamically creates a proxy.pac file based on user IP address.
From the Squid users mailing list.
Proxy Auto-Discovery Protocol
IETF draft document describing the
Web Proxy Auto-Discovery Protocol (WPAD) which permits web clients
to locate nearby web proxy servers. Note: this draft expired 12/99 - for
informational purposes only.
Functions Supported by Internet Explorer
Q209266 from Microsoft Knowledge
Base. Includes PAC code examples. Covers IE 4 through 5.5.
Cisco Authentication Proxy
Describes the Cisco IOS Firewall
Authentication Proxy feature. Authentication proxy provides dynamic, per-user
authentication and authorization, authenticating users against industry
standard TACACS+ and RADIUS authentication protocols. Authenticating and
authorizing connections by user provides more robust protection against
network attacks. From the
Cisco IOS Security Configuration Guide, Release
Proxy Server Administrator's Guide Version 3.5 for Unix
Proxy Server Administrator's Guide for Windows NT
"Netscape Proxy Server is a high-performance
server software product. It is designed for replicating and filtering access
to web-based content." Includes sections on authentication.
DeleGate is a multi-purpose application
level gateway, or a proxy server which runs on multiple platforms (Unix,
Windows and OS/2). DeleGate mediates communication of various protocols
(HTTP, FTP, NNTP, POP, Telnet, etc.), applying cache and conversion for
mediated data, controlling access from clients and routing toward servers.
Created by Yutaka Sato.
Proxy Servers and Caching
Davison's Web Caching and Content Delivery Resources
This site is dedicated to providing
a comprehensive guide to the resources about and in support of caching
on the World Wide Web.
Includes an extensive list of proxy
cache systems and services.
Survey of Proxy Cache Evaluation Techniques
Proxy caches are increasingly used
around the world to reduce bandwidth requirements and alleviate delays
associated with the World-Wide Web. In order to compare proxy cache performances,
objective measurements must be made. In this paper, we define a space of
proxy evaluation methodologies based on source of workload used and form
of algorithm implementation. We then survey recent publications and show
their locations within this space. By Brian D. Davison, Department of Computer
Science, Rutgers, The State University of New Jersey.
Proxys 4 All
List of public proxy servers. Also
includes proxy auto config information, auto-proxy checker scripts, environment
checkers, and 'WebSpoof' an HTTP Referrer Spoofer.
The Cache Now! campaign is designed
to increase the awareness and use of proxy cache on the Web. Includes list
of proxy resources.
Performance Web Caching With Squid
This document explains in some detail
how to achieve high end performance from the excellent (but slow by default)
open source Squid web caching proxy. By Joe Cooper.
Internet Access With Squid
Using Proxy Servers To Restrict,
Log, And Accelerate Internet Access By Tim Orbaker, March 06, 2000.
the Web with Linux
Improve your users' browsing and
save your bandwidth by using proxy servers to cache web pages. By David
Guerrero, January 1999. Installing and using Squid, configuring browsers
to use cache. Cache hierarchies.
and Proxy Server HOWTO
This document is designed to describe
the basics of firewall systems and give you some detail on setting up both
a filtering and proxy firewall on a Linux based system. By Mark Grennan.
Proxy with Squid mini-HOWTO
This document provides information
on how to setup a transparent caching HTTP proxy server using only Linux
and Squid. By Daniel Kiracofe.
Squid Proxy Server
"Squid is a full featured web proxy
cache designed to run on Unix systems, free open-source software, the result
of many contributions by unpaid volunteers and funded by the National Science
Foundation. Squid supports proxying and caching of HTTP, FTP, and
other URLs, proxying for SSL, cache hierarchies, ICP, HTCP, CARP, cache
digests, transparent caching, WCCP (Squid v2.3), extensive access controls,
HTTP server acceleration, SNMP and caching of DNS lookups."
Frequently Asked Questions: Authentication
How does Proxy Authentication work
in Squid? How do I use authentication in access controls? Does Squid cache
authentication lookups? Are passwords stored in clear text or encrypted?
Introduction to setting up a Squid
server, with a section on authentication. From the ISPPlanet Cache Review
This SourceForge site hosts various
Squid development projects. The purpose of this site is to boost and open
up Squid development for features not yet ready to be merged into the main
Squid distribution. Anyone interested in developing some feature in Squid
is welcome to host their development here for sharing with other Squid
Add-ons for the Squid proxy cache
ACL Proxy Authentication with External Programs
This ACL Proxy Authentication with
External Programs patch implements proxy authentication as a normal ACL
and with external authentication programs which are allowed to block. It
is a generalization of my earlier patches which were based on the original
proxy_auth code provided by Jon Thackray <email@example.com>.
NTLM authentication project
The NTLM authentication project
aims at providing Microsoft NTLM proxy authentication support for Squid.
smb_auth is a proxy authentication
module. With smb_auth you can authenticate proxy users against an SMB server
like Windows NT or Samba.
Authentication for Squid
"Arjan de Vet has done a great job
devising a method to bind external authenticators into squid. Packaged
with Arjan's patch comes a password file authenticator for NCSA password
files. Based on this program I wrote my own little authenticator for LDAP.
ldap authentication module 0.2
The Squid LDAP authentication module
allows a Squid proxy server to authenticate against an LDAP server and
is a more flexible replacement for the LDAP authentication module supplied
with Squid. By Guy Antony Halse on October 19th 2000, 19:44 EST
Squid CVS repository for latest
versions of authentication modules.
and Group LDAP Authentication for Squid
This patch patches the Squid proxy
server to support static and dynamic LDAP group lookups when doing LDAP
Microsoft Proxy Server and Microsoft Internet Security
and Acceleration Server
"Microsoft Proxy Server 2.0 is an
extensible firewall and Web cache server that provides Internet security
while improving network response time and efficiency."
Internet Security and Acceleration Server
"Microsoft Internet Security and
Acceleration (ISA) Server 2000, the successor to Proxy Server 2.0, is an
extensible enterprise firewall and Web cache server that integrates with
Windows 2000 for policy-based security, acceleration, and management of
internetworking." See also the MS
TechNet ISA page and the docs
for the Enterprise Edition.
Options and Limitations Using Proxy Server 2.0
Describes the options and limitations
for using authentication with Microsoft Proxy Server 2.0 and client Web
browsers. (Article ID: Q198116)
Microsoft Proxy Server 2.0
Discussion of proxy server features
and architecture, access control, encryption, and firewall strategies.
& Lybrand: Microsoft Proxy Server Security Evaluation
This case study presents the results
of tests designed to evaluate Microsoft Proxy Server security. Interconnectivity
security issues and the Microsoft Proxy Server features designed to address
these issues are presented. April 1997.
Microsoft Proxy Server
Explores some of the problems you
may run into when working with Microsoft Proxy Server. Several troubleshooting
topics are covered, including installation, configuration, error messages,
security issues, and client access problems.
Information Server and Authentication
Authentication & Security Features
Authentication and security features
of Microsoft Internet Information Server. (from the Microsoft Knowledge
IIS Authenticates Browser Clients
This article describes the different
authentication methods available in IIS for both Windows NT 4.0 and Windows
2000. Article ID: Q264921.
From Windows 2000 magazine, April
25, 2000, by Allen Jones.
to Authenticate a User Against All Trusted Domains
By default, Internet Information
Server (IIS) validates an unqualified user logon ID against either the
local computer's user database or the domain which the server is a member
of. This article describes how to configure IIS to validate the unqualified
user logon against all trusted domains and the user accounts database.
Article ID: Q168908.
methods in IIS5
Part of the excellent IIS-FAQ
site, which has many other articles on IIS
Methods in IIS
In IIS you can setup various authentication
methods for entire sites or virtual directories. These authentication methods
determine who can access the Web pages in the site/virtual directory. By
and Security White Paper for Internet Developers
Windows NT security as it relates
to Internet Information Server (from the Microsoft Knowledge Base)
Apache and Authentication
A brief survey of the authentication
methods available with the Apache web server. An emphasis on the practical
application of those methods, the addition of custom methods, some observations
on the security model, and resulting risks. Presenter: Reg
Quinton, University of Waterloo. Slides from a presentation at Access
99: The Web: Portal to Information, Monday, October 25 - Wednesday,
27 - Guelph, Ontario.
Covers web-based user authentication
using htaccess, a feature supported by Apache and other web server software.
Article on htaccess using Apache
from Apache Week
Article on htaccess using DBM under
Apache from Apache Week.
A chapter from the O'Reilly book
Apache Modules with Perl and C, by Lincoln Stein and Doug MacEachern.
Web Server -- Proxy Authentication Setup
Describes the steps required to
set up the Apache web server to function as an authenticated proxy, with
specific reference to the needs of the University of Waterloo Library.
Documentation for the Apache proxy
module from the Apache web site.
This module allows proxying of web
sites without any configuration changes on the client's part. The client
is simply pointed to a URL using this module and it fetches the resource
and rewrites all links to continue using this proxy.
Project Info - The Mod_Perl Rewriting Proxy
"This is a lightweight proxy, written
on Apache's Mod_Perl and designed for places where other proxies are unappliable
- mod_perl URL-rewriting proxy
"Apache::ProxyRewrite acts as a
reverse-proxy that will rewrite URLs embedded in HTML documents per apache
configuration directives. This module was written to allow multiple
backend services with discrete URLs to be presented as one service and
to allow the proxy to do authentication on the client's behalf."
Apache External Authentication Module.
Mod_Auth_External is a flexible tool for creating authentication systems
based on other databases.
Perl, CGI and Authentication
Modules Available on CPAN
CPAN is the Comprehensive Perl Archive
Network. Many of these modules related to authentication are written
to work with the Apache web server, and provide for support handling cookies,
NT authentication and more.
Short Guide to DBI
The Perl Database Interface Module.
About relational databases. About SQL. What DBI is for. Examples
and explanation of how to use DBI. By Mark-Jason Dominus.
DBI - A Database
Interface Module for perl5
"The DBI is a database interface
module for Perl. It defines a set of methods, variables and conventions
that provide a consistent database interface independent of the actual
database being used."
Authentication Script Area
Scripts and instructions which depend
on the CGI-modules-2.75 library and work on Linux 2.0, Apache 1.1, Berkeley
DB and Perl 5.003, by Matthew Darwin at the University of Ottawa.
A Perl script that can be used to
provide authentication to numerous vendor databases with one userid/database
file, made available by its author, firstname.lastname@example.org
A set of Perl scripts for authentication
to databases using IP addresses or library user IDs, made available by
Keith Ostertag, ATS Coordinator, Dauphin County Library System.
and Track Users with PHP
An article from WebMonkey by Judy
to spoof HTTP_REFERER
How hard is it to fake a referral
URL or any other browser passed variable? Here is an example showing
how easy it is to do.
List of resources and tools on environment
variables from the CGI Resource
of CGI Environment Settings
Web browser environment variables
and how to access them, by Jon Hedley.
Wide Web Security FAQ
How to avoid security problems with
CGI scripts and htaccess. How to protect confidential documents at your
site. Safe scripting in Perl.
Information, documentation and tutorials
regarding CGI programming. Hundreds of pre-made CGI's written in Perl and
and CGI FAQ
"You can create a lot of magic by
writing a CGI program/script. You can create graphics on the fly, access
databases and return results and connect to other Internet information
- a Perl5 CGI Library
This Perl 5 library uses objects
to create web fill-out forms on the fly and to parse their contents. It
provides a simple interface for parsing and interpreting query strings
passed to CGI scripts. However, it also offers a rich set of functions
for creating fill-out forms.
SSL and Cookies
This document introduces the Secure
Sockets Layer (SSL) protocol. Originally developed by Netscape, SSL has
been universally accepted on the World Wide Web for authenticated and encrypted
communication between clients and servers. See also this Netscape
TechBrief on SSL.
Open Source toolkit for SSL/TLS
"The OpenSSL Project is a collaborative
effort to develop a robust, commercial-grade, full-featured, and Open Source
toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport
Layer Security (TLS v1) protocols as well as a full-strength general purpose
SSL / TLS
Overview by Dan Kegel. See
also his SSL Acceleration
Apache-SSL is a secure webserver,
based on Apache and SSLeay/OpenSSL. Not to be confused with mod_ssl.
mod_ssl: The Apache
Interface to OpenSSL
This module provides strong cryptography
for the Apache 1.3 webserver via the Secure Sockets Layer (SSL v2/v3) and
Transport Layer Security (TLS v1) protocols by the help of the Open Source
SSL/TLS toolkit OpenSSL, which is based on SSLeay from Eric A. Young and
Tim J. Hudson. Not to be confused with Apache-SSL.
and Secure Servers
What SSL is and step-by-step instructions
on how to create and sign your own SSL certificate. Section from
a course on Web
Administration and Security, by Mark Burgess and Sigmund Straumsnes,
Unofficial Cookie FAQ
Cookies are a very useful tool in
maintaining state variables on the Web. Since HTTP is a "stateless" (non-persistent)
protocol, it is impossible to differentiate between visits to a web site,
unless the server can somehow "mark" a visitor. This is done by storing
a piece of information in the visitor's browser. From Cookie
Internet Cookies Work
Article from Howstuffworks, by Marshall
CGI Resource Index: Programs and Scripts: Perl: Cookies
Scripts to manipulate cookies in
2109: HTTP State Management Mechanism
This document specifies a way to
create a stateful session with HTTP requests and responses. It describes
two new headers, Cookie and Set-Cookie, which carry state information between
participating origin servers and user agents
LDAP and Kerberos
to LDAP under Linux
From Linuxfocus.org by Atif Ghaffar.
Introduction to LDAP
From the O'Reilly Network, by Luke
to Lightweight Directory Access Protocol (LDAP)
Q196455 from Microsoft Product Support
By Lars Pind, May 8, 2000.
LDAP Roadmap & FAQ -- Directory Services Information
A tutorial aid to navigating various
LDAP and X.500 Directory Services resources on the Internet. By
Q221606 from Microsoft Product Support
Free LDAP Browser/Editor provides
a user-friendly Windows Explorer-like interface to LDAP directories with
tightly integrated browsing and editing capabilities.
A list maintained by eMailman.
Information about installing, configuring,
running and maintaining a LDAP (Lightweight Directory Access Protocol)
Server on a Linux machine is presented in this document.
This document describes the technical
aspects of storing application data in an ldap server. It focuses on the configuration
of various applications to make them ldap-aware. By Roel van Meer and Giuseppe
Deploying OpenLDAP - Directory Installation
and configuration (V1.2 and 2.0)
Microsoft document on LDAP, the
directory service protocol used by the Active Directory service.
OpenLDAP Software is an open source
implementation of the Lightweight Directory Access Protocol.
The perl-ldap distribution is a
collection of perl modules which provide an object orientated interface
to LDAP servers.
The Eudora LDAP Directory Server
is an LDAP v2 server for Windows NT 4.0 (Workstation or Server) available
in executable and source code form.
The Network Authentication Protocol
Kerberos is designed to provide
strong authentication for client/server applications by using secret-key
cryptography. A free implementation of this protocol is available from
the Massachusetts Institute of Technology. Kerberos is available in many
commercial products as well.
Overview of Kerberos User Authentication Protocol in Windows 2000
Q217098 from Microsoft Product Support
About the Windows 2000 Kerberos Implementation
Q248758 from Microsoft Product Support
to Frequently Asked Kerberos Questions
Q266080 from Microsoft Product Support
The Linux-PAM (Pluggable Authentication
Modules for Linux) project provides a way to develop programs that are
independent of authentication scheme. These programs need "authentication
modules" to be attached to them at run-time in order to work.
NT Authentication for Unix
pam_smb allows authentication of
Unix users against SMB servers (Windows NT and Samba servers, also Win
95). It runs under Linux, Solaris, HP-UX and FreeBSD. See also
NT Domain Authentication for Linux and Solaris
Based on pam-smb, this module allows
a Linux user to authenticate against an NT Server using the NT Domain Authentication
Authentication on the Web
Basic Access Authentication
HTTP 1.0 provides a simple challenge-response
authentication mechanism which may be used by a server to challenge a client
request and by a client to provide authentication information. From the
IETF Internet Draft.
Authentication: Basic and Digest Access Authentication
RFC 2617 provides the specification
for HTTP's authentication framework, the original Basic authentication
scheme and a scheme based on cryptographic hashes, referred to as "Digest
Access Authentication". It is therefore also intended to serve as
a replacement for RFC 2069.
Guide to Web Authentication Alternatives
Jan Wolter discusses the two standard
authentication systems which are described in the HTTP protocol documents:
"basic authentication" which is supported by most browsers and HTTP servers,
and "digest authentication" which isn't. He then describes various
"do-it-yourself" alternatives to basic authentication.
With sections on authentication
and authorisation. By Andrew Cormack.
CNI Program on Authentication Authorization and Access Management
which includes A
White Paper on Authentication and Access Management, Clifford Lynch,
editor, Coalition for Networked Information.
Authentication Systems For The Web
"The rapid growth in Internet services
has led to a demand for scalable authentication systems to restrict access
to licensed services (such as bibliographical services, databases, etc.)
to authorised users. An increasing number of proprietary applications which
provide authentication services are available. However such applications
may only provide an interim solution, until authentication services based
on open protocols are available. This article reviews developments to such
open authentication protocols."
"This tutorial explains authentication:
What it is, how you work with it, and what options are currently available
to you." A different version of this document here.
Authentication Technology (cat) Charter
The goal of the IETF Common Authentication
Technology (CAT) Working Group is to provide distributed security services
(which have included authentication, integrity, and confidentiality, and
may broaden to include authorization) to a variety of protocol callers
in a manner which insulates those callers from the specifics of underlying
Agent Authentication Form Elements
Discusses problems with existing
methods of authentication and proposes a new HTML capability to aid in
the development of authenticated web user interfaces. Submitted for consideration
to the World Wide Web Consortium.
SRP: The Open-Source
Password Authentication Standard
"The Secure Remote Password protocol
is the core technology behind the Stanford SRP Authentication Project.
The Project is an Open Source initiative that integrates secure password
authentication into existing networked applications."
How the Microsoft Win32 internet
API handles http authentication. Basic, Challenge-response
and other types. Proxy servers.
"In the mainframe era, computer
users only had to remember one username and password as there was only
one computer to access. With the advent of networks, people suddenly acquired
many computing accounts each with a username and password to be remembered."
by Andrew Findlay, Head of Networking and Systems, Brunel University, London.
21 April 1999.