GuardDog Requires WRAP Login

Summary

GuardDog is a tool designed to manage the access privileges of users for multiple areas (directories on the webserver).

Access to areas is controlled at both user and group levels. By adding a group to an area you subsequently give access to this area to all users that are a member of this group. It is still possible, however, to individually deny access to an area at the user level. When you deny a user access to an area, even if that user belongs to multiple groups that have access to this area, the user will still not be allowed to access this area. That is, user deny restrictions override group access privileges.

Overview of How GuardDog Works

GuardDog creates .htaccess files to define which users can access a webserver directory. Management of users and groups and their access to areas is a fundamental part of controlling access to an area, but before any restrictions will be in place, you must create a symbolic link to the .htaccess file that GuardDog generates and place this symbolic link in the webserver directory that is to be protected.

Once a symbolic link is created in the directory of the area to be protected, any changes made to the access privileges of this area in GuardDog will be reflected immediately. That is, you do not have to recreate the symbolic link or update any code in the protected area for the changes to go into effect.

Shibboleth Ready

GuardDog now offers two options for authentication, WRAP and Shibboleth. WRAP authentication will not be ported to Apache 2.4, so we recommend upgrading your existing areas to Shibboleth. It is important to note that Shibboleth requires HTTPS, which means you must be able to access your site using SSL. Read more about Shibboleth vs WRAP authentication.

User Information GuardDog User

Using another WolfTech created program called LDAPSurfer, once a night GuardDog finds every user in the university and proceeds to add them to it's database automatically. In addition to just adding the users to GuardDog, LDAPSurfer also adds and removes users from automatic groups where necessary, creates automatic groups, and updates the .htaccess files for your areas whenever necessary.

Since this entire process is automated, users cannot be manually added to the GuardDog. If there is a user who does not appear in GuardDog, please send an e-mail to the WolfTech Webmaster and the problem will be looked into. If you feel a user is either improperly excluded or included in a group, please contact that department's data manager.

Requesting Access

Before getting started with GuardDog, you'll need to have your virtual host set up. You can do so by contacting the WolfTech Webmaster at wolftech-webmaster@ncsu.edu. In the e-mail, please include the complete AFS path of your virtual host, as that will speed up the process. You will not be able to access any other areas of GuardDog until you have a virtual host set up.

Note: Before accessing any options within GuardDog, you must select which virtual host you would like to edit. If you do not have an virtual host, and would like to get one set up, please contact the WolfTech Webmaster at wolftech-webmaster@ncsu.edu.