This is a non-comprehensive example of how I set up basic auth on my lighty systems.

- Include the mod_auth module and the mod_authn* module that implements the auth backend. (e.g. mod_authn_file implements htdigest)

server.modules += ( "mod_auth", "mod_authn_file" )

- Set up the backend you want to use. I have:


 auth.backend                = "htdigest" 
 auth.backend.htdigest.userfile = "/etc/lighttpd/lighttpd.user" 

- To secure the subdirectory "admin" as realm "Admin Realm" and allow only users named "firstadmin" and "secondadmin", you say:


        auth.require = ( "/admin" =>
        (
                "method" => "basic",
                "realm" => "Admin Realm",
                "require" => "user=firstadmin|user=secondadmin" 
        )
        )

- If you want to allow any user that has a valid password in that realm, you can just say "valid-user" as the value of the require setting.

- Now you have to generate lines to put in the lighttpd.user file. This is the script I use to spit out the appropriate line format:


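#!/usr/bin/perl
# Prompts for user, realm and password, then prints one htdigest line:
#   user:realm:md5(user:realm:password)
use strict;
use warnings;
use Term::ReadKey;

# Unbuffered STDOUT so the prompts and the "user:realm:" prefix appear in order
$| = 1;

print "User: ";
my $user = <>;
chomp $user;
print "Realm: ";
my $realm = <>;
chomp $realm;

my ($password, $password2);
{
  # Turn off terminal echo while the password is typed
  ReadMode('noecho');
  print "Password: ";
  $password = ReadLine(0);
  chomp $password;
  print "\nPassword again: ";
  $password2 = ReadLine(0);
  chomp $password2;
  ReadMode('normal');
  print "\n";

  # Ask again until both entries agree
  if($password ne $password2)
  {
    print "Passwords don't match\n";
    redo;
  }
}

print "$user:$realm:";
# Hash "user:realm:password" (no trailing newline) and keep the 32 hex digits
open(my $md5, "|-", "md5sum | cut -b -32") or die "cannot run md5sum: $!";
print $md5 "$user:$realm:$password";
close($md5);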

- Don't forget that the realm name is important. You have to put the same one in the auth.require block as you do when you are creating the user's password line. This becomes part of the hash and must match!

- Then just take that text and append it into the lighttpd.user file.
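
A check for the realm-mismatch problem described above, as an added example that is not part of the original page or of lighttpd: it rebuilds the user:realm:hash line format, then reports which users named in the "require" value have no usable line for the configured realm. The function names, the sample passwords and the extra user "thirdadmin" are constructed for illustration.

```python
import hashlib
import hmac

def htdigest_line(user, realm, password):
    """One lighttpd.user line: user:realm:MD5("user:realm:password")."""
    ha1 = hashlib.md5(f"{user}:{realm}:{password}".encode()).hexdigest()
    return f"{user}:{realm}:{ha1}"

def parse_userfile(text):
    """Map (user, realm) -> hash, skipping blank or malformed lines."""
    entries = {}
    for line in text.splitlines():
        parts = line.strip().split(":")
        if len(parts) == 3 and len(parts[2]) == 32:
            entries[(parts[0], parts[1])] = parts[2].lower()
    return entries

def required_users(require):
    """Extract names from a require value like "user=a|user=b"."""
    return [p[5:] for p in require.split("|") if p.startswith("user=")]

def audit(text, realm, require):
    """Return {user: reason} for required users who cannot authenticate."""
    entries = parse_userfile(text)
    problems = {}
    for user in required_users(require):
        if (user, realm) in entries:
            continue
        other = sorted(r for (u, r) in entries if u == user)
        problems[user] = f"realm mismatch: file has {other}" if other else "no entry"
    return problems

def password_ok(text, user, realm, password):
    """Recompute the hash for the configured realm and compare."""
    stored = parse_userfile(text).get((user, realm))
    candidate = htdigest_line(user, realm, password).rsplit(":", 1)[1]
    return stored is not None and hmac.compare_digest(stored, candidate)

# Constructed sample: secondadmin's line was generated with the wrong realm case.
REALM = "Admin Realm"
REQUIRE = "user=firstadmin|user=secondadmin|user=thirdadmin"
USERFILE = "\n".join([
    htdigest_line("firstadmin", "Admin Realm", "constructed-pass-1"),
    htdigest_line("secondadmin", "admin realm", "constructed-pass-2"),
]) + "\n"

if __name__ == "__main__":
    for user, reason in audit(USERFILE, REALM, REQUIRE).items():
        print(f"{user}: {reason}")
```

Because the stored value is an unsalted MD5 of user:realm:password, keep the lighttpd.user file readable only by the account lighttpd runs as.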