diff -Nur -x '*.orig' -x '*.rej' smeserver-phpki-0.1/root/etc/e-smith/templates/etc/httpd/pki-conf/httpd.conf/00functions mezzanine_patched_smeserver-phpki-0.1/root/etc/e-smith/templates/etc/httpd/pki-conf/httpd.conf/00functions
--- smeserver-phpki-0.1/root/etc/e-smith/templates/etc/httpd/pki-conf/httpd.conf/00functions	1970-01-01 01:00:00.000000000 +0100
+++ mezzanine_patched_smeserver-phpki-0.1/root/etc/e-smith/templates/etc/httpd/pki-conf/httpd.conf/00functions	2008-12-05 03:39:10.000000000 +0100
@@ -0,0 +1,28 @@
+{
+
+use esmith::AccountsDB;
+
+sub getUsersList ($){
+        my ($panelName) = @_;
+        my $a = esmith::AccountsDB->open_ro || die "Error opening accounts db";
+        my @users = $a->users();
+        my @groups = $a->groups();
+        my @Users = ();
+        foreach my $user (@users){
+                my $panels = $user->prop('AdminPanels') || '';
+                push(@Users,$user->key) if ($panels =~ /^(.*,)?$panelName(,.*)?$/);
+        }
+        foreach my $group (@groups){
+                $panels = $group->prop('AdminPanels') || '';
+                        if ($panels =~ /^(.*,)?$panelName(,.*)?$/){
+                        my @members = split(/,/,($group->prop('Members') || ''));
+                        push(@Users,@members);
+                }
+        }
+
+        my %seen = ();
+        my $u = join (' ', grep { ! $seen{ $_ }++ } @Users);
+        return $u;
+}
+}
+
diff -Nur -x '*.orig' -x '*.rej' smeserver-phpki-0.1/root/etc/e-smith/templates/etc/httpd/pki-conf/httpd.conf/90phpki mezzanine_patched_smeserver-phpki-0.1/root/etc/e-smith/templates/etc/httpd/pki-conf/httpd.conf/90phpki
--- smeserver-phpki-0.1/root/etc/e-smith/templates/etc/httpd/pki-conf/httpd.conf/90phpki	2008-11-27 04:53:06.000000000 +0100
+++ mezzanine_patched_smeserver-phpki-0.1/root/etc/e-smith/templates/etc/httpd/pki-conf/httpd.conf/90phpki	2008-12-05 03:38:24.000000000 +0100
@@ -1,6 +1,7 @@
 
 Alias           /phpki        /opt/phpki/html/
 
+# Main access allowed for valid user
 <Directory /opt/phpki/html>
         AddType application/x-httpd-php .php
 	Options FollowSymLinks
@@ -13,7 +14,28 @@
         order deny,allow
         deny from all
         allow from 127.0.0.1
+	AuthName "PHPKI"
+        AuthType Basic
+        TKTAuthLoginURL /server-common/cgi-bin/login
+        require valid-user
+        SetEnv IMGHDR_SRC "/server-common/server-manager.jpg"
+        Satisfy all
 </Directory>
 
+# /ca is only allowed for admin and explicitely authorized users
+<Directory /opt/phpki/html/ca>
+	AuthName "PHPKI Admin"
+        AuthType Basic
+        TKTAuthLoginURL /server-common/cgi-bin/login
+        require user admin {getUsersList("phpki");}
+        SetEnv IMGHDR_SRC "/server-common/server-manager.jpg"
+        Satisfy all
+</Directory>
 
+# Disable access to /admin, which is used to configure user/password 
+# via an htaccess file
+<Directory /opt/phpki/html/admin>
+	order deny,allow
+	deny from all
+</Directory>
 
diff -Nur -x '*.orig' -x '*.rej' smeserver-phpki-0.1/root/etc/e-smith/web/functions/phpki mezzanine_patched_smeserver-phpki-0.1/root/etc/e-smith/web/functions/phpki
--- smeserver-phpki-0.1/root/etc/e-smith/web/functions/phpki	2008-11-27 04:44:09.000000000 +0100
+++ mezzanine_patched_smeserver-phpki-0.1/root/etc/e-smith/web/functions/phpki	2008-12-05 03:38:24.000000000 +0100
@@ -19,7 +19,7 @@
 
 
 my $q = new CGI;
-my $content="0; url=https://".$ENV {'HTTP_X_FORWARDED_HOST'}."/phpki";
+my $content="0; url=https://".$ENV {'HTTP_X_FORWARDED_HOST'}."/phpki/ca";
 $q->default_dtd('-//W3C//DTD XHTML 1.0 Transitional//EN');
 
 print $q->header ('text/html');