The default ood-portal-generator configuration sets up the Apache configuration file to use HTTP Basic authentication to restrict access by looking up users in plain text password files.
# /etc/ood/config/ood_portal.yml --- auth: - "AuthType Basic" - "AuthName \"private\"" - "AuthUserFile \"/opt/rh/httpd24/root/etc/httpd/.htpasswd\"" - "RequestHeader unset Authorization" - "Require valid-user"
RequestHeader setting is used to strip private session
information from being sent to the backend web servers.
By default it will look up users in the following password file:
You can read about the basics of password files for more information on setting up this file.
The user name specified in the password file must correspond to a system user, but the passwords need not match.