i know that durring setup the installer asks for a mythweb password.
i need to change this password (i know i need to go to /var/www/ and run htdigest, but what file has the passwords?)
and if possible add more acounts

is it possible or me to limit the abilities of each account? say that some accounts can only schedule, some can only view the recorded programs in acertan group and others can do anything?

thanks for any input you can provide?

Not sure where the info is stored but you can explore the stuff that's done starting around line 308 of /usr/local/bin/KnoppMyth-run. Doing a "man htdigest" should provide more details...

i did that ...
it jsut explains the peramaters a little better.

apparently it works like htpasswd (but doset allow my the encryption options)
i can create a file and addusers and their passwords. but i need to know where the file is! you cant add user accounts to a file that you dont knwo where it is

i look arround in that path you provided ill see if i can see where its creating the file.

if anybody knows then please let me know!

edit::: ok i looked at that path. opened it in nano (nano is the best editior imho)
look for the word htdigest
and thers this part



sooo just run that as root and you will jav a prompt asking for the new passowrd! change the MythTV to a new user if you wish to.

and... is there a way that i can set permissions on a specific user?

is there any way that i can create user restricitons?
say that XXX user can only go to the recorded programs page
but user YYY can only schedule programs
and user ZZZ can do anything?

also...
is there any way i can use HTTPS ?
im looking arround in the httpd.conf but i do not see how to enable this.

thanks!!!

Well the man page should have told you that the last thing in that command was the user name. For a different user just pick a different name. Then the settings in /etc/mythtv/mythweb-htaccess.conf come into play. You'll have to look that up in the Apache documentation. At the moment it doesn't look like there's any easy segmentation of privileges. Basically once you're a valid user in the MythTV realm you can do anything within that.

thats what i figured, i jsut hoped that somebody might know of another way.

oh well. my one remaining question:

how can i force mythweb to use httpS ?

replace the http and https and it magically works on my R5B7 box. (thanks, its great when
things just work!)

A simple http rewite rule in your .htaccess file can send all the
http through https - if that is what you want.

Consult the great oracle (google) with "http rewrite https" for how to do it..

of course i tried to change from http to https... that did not work

i will consult the oracle asap. thanks!

for https to work, you may need to configure a separate port, the default https port is 448 (as the default http port os 80).

So assure that

A) you have an https port for your apache instance and
B) if the port is not 443 ensure that you include it on the URL


Darth_tater is dead on with the google search for SSL info. if your server is not currently listening on an SSL port, the online docs will help

_________________
R5F1 - Dell P4 2.4Ghz 500MB - PVR250 x 2 - GeForce FX 5200 - Onboard sound/NIC 80GB ATA/250GB ATA/400GB SATA

i have changed the default form 80 to 8085, i need to use httpS on 8085 as well
i need have ALL http requests for httP://myip
be redirected to httpS://myip

how can i do this?
and the rewrite mdule is already loaded, and turned on so what rule do i need? and where do i put it to have all httP:// requests sent to httpS://

thanks!

i found this rule (er example/rule?)

rewriteEngine On
rewriteRule ^/foo(.*)$ https://www.abc.com/foo$1 [R,NC]

and i think i fugures out what it kida means (ive never used apache B4... but now that i read up on it, DAMN its powerfull!!!)

hers what i have in my httpd.conf

rewriteEngine On
rewriteRule ^/(.*)$ https://MYIP:8085$1 [R,NC]

but when i try goin there i get an connection was reset error!

Problem with your rewrite rule is that port 8085 is not configured to accept https requests.

well, i'm more of a weblogic guy by trade. so I'm talking 'webserver generic' here.

You cant have http and https on the same port. Reading your posts seems you have http listening on 8085. So you are currently accessing via http://<ip>:8085/

If you congifigure 8085 to be https/SSL then you can't talk to that port with http any longer, guess that's ok. But I dont think you will be able to have http://<ip>:8085 bounce to https://<ip>:8085 on the same port. The initial request with http will not be understood when 8085 is configured with https.

You will either need two ports or you need adjust your link to be https for the initial hit. why not put the https service on say 8443?

https will take some figuring to setup...port config, certificates, etc. Not sure why you need SSL for mythweb, maybe tunnelling http traffic through an ssh tunnel will work for you.

I just started playing with that....very cool stuff.

http://mysettopbox.tv/phpBB2/viewtopic.php?t=10967&highlight=ssh+tunnel

_________________
R5F1 - Dell P4 2.4Ghz 500MB - PVR250 x 2 - GeForce FX 5200 - Onboard sound/NIC 80GB ATA/250GB ATA/400GB SATA

ok
... how do i tell it to A) disregard all http requests and take only httpS
or B) set httpS to be on a different port

edit: ok... after a bit more reading this isint something that i HAVE to have done (it would be nice) but its not a nessisity.

il put it on the back burner for now.
thanks for your hep!

do you access mythweb from the internet from more the one or two computers...If you are concerned about encryption you can do the following...

close port 8085 on your firewall (that is real secure)
open the ssh port (22 but default but can be changed)
install putty on PCs that you want to access apache via internet
setup a tunnel to map
http://localhost:80 to http://<LAN-ip-of-apache-server:8085
while putty session is running on internet PC enter this in browser
and you will see you mythweb frontpage.

all traffic is encrypted via SSH and tunnelled though the port 22 connection....very easy, very secure.

while your at it add a tunnel to the LAN side of your firewall by adding a config to map http://localhost:9999 to http://192.168.1.1.

That is an example, 9999 can ne any port and 192.168.1.1 is the LAN side of my router.

Pro to this setup is that only a single firewall poerr needs to be opened to the internet ( the ssh port, which you can select)

Con is that only PC with putty (or similar software) are installed and have tunnels configed can access your apache server...but that is in fact the source of the security.

the author of the link I posted gets the credit for the tunnel work, but I can help further if you want ot persue this scheme.

_________________
R5F1 - Dell P4 2.4Ghz 500MB - PVR250 x 2 - GeForce FX 5200 - Onboard sound/NIC 80GB ATA/250GB ATA/400GB SATA

i thought about a tunnel but in the end i access it most often from my internal network.

however, ther are times when i (and others) need to access it from outside the internal network.

lets say a friend missed an episode of <tvshow> and i happened to recoed it. ill give him/her a temp acount and a direct link to the <tvshow>.nuv file. i wanted to use SSH sut to help me feel a bit secure BC they (friendsfamily/me) could be accessing it from an unsecured (or poorly secured wireless network. IE wep) and in the SLIGHT chance that someone else happened to be sniffing/monitoring the traffic, i would be jsut that much more secure.

now that i think about it tho... its not at all likly. i mean, if i give a link 3-4 times a month what are the odds that they will be on a wireless network, thats being sniffed by someone who will care?

seems pretty remote now that i think about it. thanks for all your help!
now if only i could get putty on the computers at school! (cant put it on usb drive BC all we have are WYSE dumb terminals w/ the USB ports deadened )

Check out:

http://linuxmafia.com/ssh/java.html

there are other options -- just consult the great oracle ;) with something like "java ssh client"