Bug #194
closedI'm confused by authorisation... it looks as if it is buggy...
Description
I've installed lighttpd - and while mostly impressed I'm finding problems with authentication support. I've set up two websites using vhost: "extranet.mydomain.com" and "intranet.mydomain.com" - the idea being that extranet contains "public" information for which no password/username is required - whereas intranet requires a username and password (in future this page might be personalised.)
I've read authentication.txt and I'm still baffled... Here's the relevant bits from my configuration in lighttpd.conf
--
server.modules = (
"mod_access",
"mod_auth",
"mod_simple_vhost",)
--
...
--
auth.backend = "plain"
auth.backend.plain.userfile = "lighttpd.user"
auth.require = ( "intranet.mydomain.com/" =>
( "method" => "digest",
"realm" => "Intranet",
"require" => "user=fred" )
)
--
I placed lighttpd.user in /etc and it contains the single line "fred:foo" The docs don't tell me where to put lighttpd.user - so I guessed.
With this configuration, neither site asks for a password. If I replace "intranet.mydomain.com/" with "/" both sites ask for a password... but neither will accept "fred" password "foo". Then, if I change "digest" to "plain" then I don't get asked for a password for either site but get "Access denied" immediately.
Have I discovered bugs - or is this a confiiguration problem? I'm using version 1.3.10 - the latest from Gentoo Portage.
Updated by jan over 19 years ago
- Status changed from Assigned to Fixed
- Resolution set to invalid
You have to specify absolute filenames and a host-conditional.
$HTTPhost == "intra.example.org" {
auth.backend = "plain"
auth.backend.plain.userfile = "/etc/lighttpd.user"
auth.require = ( "/" =>
( "method" => "digest",
"realm" => "Intranet",
"require" => "user=fred" )
)
}
Also available in: Atom