# htt.conf sample file. ## NOTICE to TCP wrapper users: ## This file controls the aceess to htt_server(htt). ## But by default, htt is linked with libwrap, therefore ## htt is controled by hosts_access(5) as well. Because the ## service name is "htt", the following entry in the hosts_access: ## htt : ALL : deny ## denies any accesses to htt_server(htt). # ## NOTICE to PAM users: ## htt uses PAM in order to check user's account and password if it ## is enabled. But in many environments, PAM authentications are ## disabled for unregisterd services by default. In this case, ## you have to register "htt" service to the PAM configuration of your ## system. ## When AllowSystemUser directive is "password", "account" and "auth" ## modules are used for authentication. When the directive is "permit", ## "account" modules are used. Thus, whether the system requires ## password checking depends also on the configuration of PAM. ## ListenAddress
#
:= [":" ] # # "ListenAddress" directive specifies local address where # htt_sever listens. Note that it can listen on multiple # addresses by specifying multiple "ListenAddress" directives. ListenAddress localhost:9010 #ListenAddress localhost:9011 ## DefaultPermission (permit|checkuser|password|deny) # # "DefaultPermission" directive specifies the default permission. # It is applied if the access dose not match with any patterns of # "AccessControl" derectives. # permit ..... Permit the access. htt does not require any other # authentications. # checkuser .. htt requires a valid username. # password ... htt requires a valid username and password. # deny ....... Deny the access. DefaultPermission checkuser ## AccessControl (permit|checkuser|password|deny) # := | | # := 3*(IPv4Addr_pe ".") IPv4Addr_pe ["/" DIGITS] # := 7*(IPv6Addr_pe ".") IPv6Addr_pe ["/" DIGITS] # IPv4Addr_pe := 1*3DIGIT # IPv6Addr_pe := 1*4HEX # DIGIT = "0" | "1" | ... | "9" # HEX = "0" | "1" | ... | "9" | "a" | ... | "f" # := *( ".") # := *( # | "*" | "$$" | "$(" ")" ) # := "DOMAINNAME" | "HOSTNAME" # # "AccessControl" directive controls the access by the clients' hostname # or network address. When the client hostname or address matches with the # specified , htt applies this directive. htt starts matching # operations in the order of "AccessControl" directives. # permit ..... Permit the access from the specified clients. # htt does not require any other authentications. # checkuser .. htt requires a valid username from the specified clients. # password ... htt requires a valid username and password. # from the specified clients. # deny ....... Deny all the accesses from the specified clients. # # "*" is a wild card character that matches any string. # $(HOSTNAME) in is replaced with the hostname where htt runs. # $(DOMAINNAME) in is replaced with the domainname where htt runs. # "$$" is replaced with "$". AccessControl permit 127.0.0.1 #AccessControl permit *.$(DOMAINNAME) #AccessControl permit 172.16.0.0/16 #AccessControl password *.foo.com #AccessControl deny *.bar.com ## AllowSystemUser (permit|password|deny) # # "AllowSystemUser" directive controls whether htt allows system's user # to access the server. # permit ..... Permit the access of system's user. htt dose not require # any passwords. # password ... Permit the access of system's user if the user sends a # valid password. # deny ....... Deny the access of system's user. AllowSystemUser password ## UserPermission (permit|password|deny) [:] # # "UserPermission" directive controls the specified users' permission. # must be a valid username. # must be a valid password entry encrypted by crypt(). # If the system dose not support crypt(), all password matchings fail. # permit ..... Permit the access of the specified users. htt dose not require # any passwords. # password ... Permit the access of the specified user if the user sends a # valid password. # deny ....... Deny the access of the specified users. #UserPermission password guest1:/a6BKSXLLSgPE guest2:/a6BNlakdSgPE #UserPermission permit test #UserPermission deny root