Two ways. There are two ways to do access control: by the location of the client and by the identity of the user operating the client.
Client location. There is a brief discussion of why this mechanism is fraught with difficulties caused by proxies and the like. Then the commands to implement it are covered.
User identity. There is a discussion of the Basic and Digest protocols for user identification. Access by user or group and user administration is then covered.
Raven. The University's Raven Web Authentication System is briefly described.
Mixed working. The mixed case of authorising passwordless access from within the institution but requiring authentication from outside will be given in detail.
Blocking names and directories. Application of access control to block access to files with particular names, and to entire directories, is discussed.
Now we move to the topic of access control. There are fundamentally two ways of doing this: by client location and client identity.
Client location involves specifying whether access is permitted based on the IP address or hostname of the client (i.e. browsing) system. When a request is received by the server the IP address from which the request was received is known. This address, or the hostname associated with it in the DNS, is checked against a set of rules to determine whether or not the request should be honoured.
Client identity involves challenging the user to quote some means of identifying him or herself before permitting access to the document requested. This has the advantage of dealing with proxies, but the disadvantage of requiring administration of the userids and passwords. A common compromise is to create a single userid and password for a set of pages and pass the pair on to anyone who needs access. This has the disadvantage that you don't know which of your users read the pages, but often you don't want to know.
To avoid the password administration problem, the Computing Service provides a central authentication system that web administrators can use if the want. This allows members of the University to identify themselves using a centrally administered user-id and password.