Department of Engineering

IT Services

Protecting WWW directories with PINs or RAVEN (CUED only)

PIN support was discontinued in September 2015.

Raven and PIN

If in your .htaccess file you have a line like

  CWAAuthClass pi

change it to

 
  CWAAuthClass rav

If you don't have the original line (it sets PIN authentication which is the default behaviour anyway), add the new line. Users should then get a form that will let them either use a PIN or use Raven. Note however that

  • it isn't possible to limit the access to specific users or years
  • it may open the pages to non-CUED members with valid Raven passwords

Raven-only

Members of staff can Raven-protect pages on www.eng.cam.ac.uk. The following would work for user xyz. Pages can be edited by mapping a Windows network drive to

   \\update-www.eng.cam.ac.uk\xyz

To limit access to a specified set of people, the .htaccess file should contain

AuthType Ucam-WebAuth
AADescription "insert_name_of_protected_resource_here"
AACookieKey "insert_random_string_here"
Require user spqr1 abc21 abc1001

To limit to anyone with a Raven account, use:

AuthType Ucam-WebAuth
AADescription "insert_name_of_protected_resource_here"
AACookieKey "insert_random_string_here"
Require valid-user

Allow access to groups of Raven users

This approach allows you to define groups of users in a .htgroup file, and then to define the access list for a page using those groups. The .htgroup file has the following format:

group1: abc21 spqr1
group2: abc1001

The .htaccess file can then use those groups like this (note that you need to specify the complete path to the .htgroup file):

AuthType Ucam-WebAuth
AADescription "insert_name_of_protected_resource_here"
AACookieKey "insert_random_string_here"
AuthGroupFile /complete_path/.htgroup
Require group group1 group2

On some of the centrally managed servers, there are group files that allow you to define access by administrative groups such as 'Department staff', or 'all members of the Department', where the group files are generated each night from the Departmental database, EDDA. On www and www-h the following ugrad groups are available - egt0, egt1, egt2, egt3, met1, met2. There's also cued_all for all the staff and students at CUED. You need to have

AuthGroupFile /etc/opt/web-world/conf/.htgroup

in the .htaccess file. If you want to use other groups, contact helpdesk to see whether a suitable group is available.