--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/README Mon Jul 18 16:44:13 2011 +0200
@@ -0,0 +1,31 @@
+Installation (on debian):
+
+ * install dependencies
+ # perl ./Build.PL && ./Build equivs
+ # dpkg -i libius-dav-htpasswd-perl-deps_*_all.deb
+ # aptitude install
+ # aptitude install apache2-mpm-itk sudo
+
+ * preinst
+ # mkdir -p $PREFIX/lib/ius-dav-htpasswd
+ # useradd -d $PREFIX/lib/ius-dav-htpasswd -m -r -U -s /bin/true ius-dav-htpasswd
+ # passwd -l ius-dav-htpasswd
+
+ * installation
+
+ # perl ./Build.PL && ./Build test && ./Build install
+
+ # visudo
+
+ [...]
+
+ ius-dav-htpasswd debian-lenny = (root) NOPASSWD: $PREFIX/bin/ius-dav-htuseradd, $PREFIX/bin/ius-dav-htuserdel
+
+ [...]
+
+ # $EDITOR /etc/apache2/sites-available/ius-dav-htpasswd # see ssl-vhost-apache-example.conf
+ # htpasswd [-c] $PREFIX/etc/ius-dav-htpasswd/htpasswd.admin ius-dav-htpasswd-admin
+ # htpasswd -c $PREFIX/etc/ius-dav-htpasswd/htpasswd.dav ius-dav-htpasswd-master # when using a master user
+
+ # ln -s /usr/local/bin/ius-dav-htuserexpiry /etc/cron.daily/
+
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/ssl-vhost-apache-example.conf Mon Jul 18 16:44:13 2011 +0200
@@ -0,0 +1,62 @@
+# replace $PREFIX (usually with /usr or /usr/local)
+<IfModule mod_ssl.c>
+# note that you will need a wildcard certificate if you want namebased virtual
+# hosts + ssl
+<VirtualHost *:443>
+
+ DocumentRoot "$PREFIX/lib/ius-dav-htpasswd/cgi-bin"
+ AssignUserId "ius-dav-htpasswd" "ius-dav-htpasswd"
+
+ ServerAdmin webmaster@localhost
+ ServerName ius-dav-htpasswd.domain.tld
+
+ ErrorLog /var/log/apache2/error.log
+ LogLevel warn
+ CustomLog /var/log/apache2/ius-dav-htpasswd.domain.tld/ssl_access.log combined
+
+ SSLEngine on
+ SSLCertificateFile /etc/ssl/certs/wildcard-certificate.pem
+ SSLCertificateKeyFile /etc/ssl/private/key-for-wildcard-certificate.pem
+
+ # SSL Protocol Adjustments:
+ # The safe and default but still SSL/TLS standard compliant shutdown
+ # approach is that mod_ssl sends the close notify alert but doesn't wait for
+ # the close notify alert from client. When you need a different shutdown
+ # approach you can use one of the following variables:
+ # o ssl-unclean-shutdown:
+ # This forces an unclean shutdown when the connection is closed, i.e. no
+ # SSL close notify alert is send or allowed to received. This violates
+ # the SSL/TLS standard but is needed for some brain-dead browsers. Use
+ # this when you receive I/O errors because of the standard approach where
+ # mod_ssl sends the close notify alert.
+ # o ssl-accurate-shutdown:
+ # This forces an accurate shutdown when the connection is closed, i.e. a
+ # SSL close notify alert is send and mod_ssl waits for the close notify
+ # alert of the client. This is 100% SSL/TLS standard compliant, but in
+ # practice often causes hanging connections with brain-dead browsers. Use
+ # this only for browsers where you know that their SSL implementation
+ # works correctly.
+ # Notice: Most problems of broken clients are also related to the HTTP
+ # keep-alive facility, so you usually additionally want to disable
+ # keep-alive for those clients, too. Use variable "nokeepalive" for this.
+ # Similarly, one has to force some clients to use HTTP/1.0 to workaround
+ # their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and
+ # "force-response-1.0" for this.
+ BrowserMatch ".*MSIE.*" \
+ nokeepalive ssl-unclean-shutdown \
+ downgrade-1.0 force-response-1.0
+
+ # local cgi scripts
+ <Directory "$PREFIX/lib/ius-dav-htpasswd/cgi-bin">
+ Order Deny,Allow
+ Deny from all
+ Allow from 127.0.0.0/8
+ AuthType "Basic"
+ AuthName "ius-dav-htpasswd"
+ AuthUserFile "/path/to/ius-dav-admin-htpasswd"
+ Require valid-user
+ SetHandler cgi-script
+ </Directory>
+
+</VirtualHost>
+</IfModule>