DAF Configuration Overview & Main Steps
In principle, DAF handles every HTTP authentication request it receives, choosing the member list to check according to the IP Address, Port Number and Host Header Name that received the request and the access permissions defined for the requested resource.
Web Hosts
The term "Web Host" is widely used in DAF documentation and products. It refers
to any combination of an IP Address, Port Number and Host Header Name. With DAF, a
member list can be attached to each Web Host. When a member list is
attached to a Web Host, all HTTP authentication requests received for this Web Host are
checked against the attached member list. If a Web Host is not attached to a member
list, that site behaves as if the DAF filter were not installed on the server.
User database
In this documentation, a "User database" refers to a text file
or an ODBC source (MS Access file, SQL Server, Oracle...) which contains the full list of
all members attached to a protected web site. A User database can be created and modified
with any tool, since DAF uses only the resulting file or ODBC source. Essentially,
it stores the login, password and group information of the members of a Web site. DAF
can handle any combination of database types (ODBC, Text or both).
DAF User database
To be usable by DAF as a Web site member list, a "User database" must be attached to a "DAF User database." In short, a DAF User database is a specific object built around a User database. It stores a reference to a "User database" and several DAF-specific settings.
In this documentation, the terms "User database" and "DAF User database" are used interchangeably, because both usually refer to the physical user list (text or ODBC) together with all DAF-specific settings attached to it.
A "DAF User database" can be attached to one or several Web Hosts. A
different "DAF User database" can be attached to any Web Host on the server.
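The following is an added example, not code from DAF or its documentation. It models the Web Host to DAF User database attachment described above and audits a server for site bindings that have no attached database, since such sites are served without any DAF check. The names `WebHost`, `resolve` and `audit`, the sample data, and the exact-match rule on the (IP, port, host header) triple are assumptions; the page does not describe DAF's own matching rules.

```python
from typing import Dict, List, NamedTuple, Optional, Tuple


class WebHost(NamedTuple):
    ip: str
    port: int
    host_header: str  # "" when the site has no Host Header Name


def normalize(host: WebHost) -> WebHost:
    # Host names are case-insensitive and may carry a trailing dot.
    name = host.host_header.strip().rstrip(".").lower()
    return WebHost(host.ip.strip(), int(host.port), name)


def resolve(attachments: Dict[WebHost, str], request: WebHost) -> Optional[str]:
    """Name of the DAF User database to check, or None when the Web Host
    is unattached (the site then behaves as if DAF were not installed).
    Assumption: exact match on the normalized triple."""
    table = {normalize(h): db for h, db in attachments.items()}
    return table.get(normalize(request))


def audit(bindings: List[WebHost], attachments: Dict[WebHost, str]
          ) -> Tuple[List[WebHost], List[WebHost]]:
    """Return (unprotected, stale): site bindings with no attached database,
    and attachments that match no binding (typo or removed site)."""
    bound = {normalize(b) for b in bindings}
    attached = {normalize(h) for h in attachments}
    return sorted(bound - attached), sorted(attached - bound)


# Constructed sample data (documentation address range, example.com names).
BINDINGS = [
    WebHost("192.0.2.10", 80, "members.example.com"),
    WebHost("192.0.2.10", 8080, "members.example.com"),
    WebHost("192.0.2.10", 80, "www.example.com"),
]
ATTACHMENTS = {
    WebHost("192.0.2.10", 80, "Members.Example.com"): "members_db",
    WebHost("192.0.2.10", 80, "staff.example.com"): "staff_db",
}

if __name__ == "__main__":
    unprotected, stale = audit(BINDINGS, ATTACHMENTS)
    for h in unprotected:
        print("NOT PROTECTED:", h)
    for h in stale:
        print("STALE ATTACHMENT:", h)
```

In the sample data the same site is bound on ports 80 and 8080 but attached only on port 80, so the second binding reaches the content without a member list being consulted.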
Access Permissions
Aside from reading a web user database, DAF must also handle access permissions: which files or directories are granted or denied to which web users.
This is implemented using two mechanisms: "NT security" and "DAF File Access Controller." The two mechanisms can be used separately or together.
NT Security
Since every Web user can be mapped to an NT account, the web site administrator can manage access to files or directories by granting access to the mapped NT accounts.
Remember that a single NT account can be mapped to thousands of web users. In that case, granting access for thousands of web users is done by setting permissions for only one NT user.
The main problem with NT security is that you need to set NT-specific rights for each NT account that requires access permissions. This is not impossible, but it is rather time-consuming for the server administrator to manage.
DAF File Access Controller (DAFAUTH.INI files)
The DAF File Access Controller is a DAF-specific mechanism which uses a simple text
file copied into each protected directory to set access permissions.
1. Create a user database.
This can be done with any tool. For example:
- for a text file, with Notepad
- for an MS Access file, with the MS Access application
- for a SQL Server database, with the "MS Query" application
However, to be usable by DAF, a user database should have a few specific characteristics.
For instructions, refer to section Creating a Users Database with an ODBC Source or Text file.
2. Define Web Hosts
For each received HTTP authentication request, DAF will retrieve the IP address, Port Number and Host Header Name of the server to choose which user database should be checked. Web Hosts are defined with the DAF Configuration Tool. For instructions, refer to section Web Hosts Configuration.
3. Create a DAF user database and Attach it to a Web Host
Create and configure a DAF user database:
Web Hosts are not attached directly to a Text file or an ODBC source but to a "DAF User Database." This is a DAF specific object built around an independent Text file or an ODBC source which includes all information regarding your WEB and NT user names and passwords. Once you have created and configured this DAF database you can forget it and work directly with the Text file or ODBC source to manage your WEB users.
Attach a Web Host to each DAF database:
Once a DAF User database is created, it must be attached to one or several Web Hosts. If your DAF User database uses a Text file, you simply attach a Web Host to it, but if it uses an ODBC source, you will have to specify exactly which table and columns must be attached to which Web Host.
For instructions, refer to section DAF User Database and Web Host Configuration.
4. Start the new DAF User database
To activate a new or modified DAF User database it is necessary to restart it.
For instructions, refer to page (Re)Start a DAF User Database.
Last update: Thursday, August 31, 2000 07:13