Kunaljain's Weblog

August 8, 2007

Lighttpd Setup Password Protected Directories(mod_auth)

Filed under: Lighttpd — Kunal Jain @ 08:48

Password Protected Directories

FIRST METHOD

Basic Authentication Method

Sample Setup

Domain Name : this.com

Directory To b Protected with a password : /home/www/vhost/that.com/http/document

UserName : kunal

Lighttpd Password File : /home/lighttpd/.passwd

-> Open /etc/lighttpd/lighttpd.conf

Load module mod_auth

Add the following Three Directives:

auth.backend = “plain”

auth.debug = 2

auth.backend.plain.userfile = “/home/lighttpd./passwd”

Where,

-> auth.backend = “plain” :- you are using plain text backend

-> auth.debug = 2 :- Specify debug level(0 turns off debug message, 1 for authentication ok message

and 2 for detailed/verbose debugging message)

-> auth.backend.plain.userfile = “/home/lighttpd/.passwd” :- Filename of the username:password

Next you have to find the virtual hosting section for domain “that.com” and append the following text

 auth.require = ( "/document/" =>
(
"method" => "basic",
"realm" => "Password protected area",
"require" => "user=kunal"
)
)

Where,

-> auth.require = ( “/document/” => :- Directory Name

-> “method” => “basic”, :- Authentication type

-> “realm” => “Password protected area”, :- Password realm/message shown on the password window

-> “require” => “user=kunal” :- only user kunal can use directory /document/

At the end your configuration should read as follows

$HTTP["host"] =~ "(^|\.)that.com" {
server.document-root = "/home/www/vhost/that.com/http"
server.errorlog = "/var/log/lighttpd/that.com/error.log"
accesslog.filename = "/var/log/lighttpd/that.com/access.log"
server.error-handler-404 = "/e404.php"
auth.require = ( "/document/" =>
(
"method" => "basic",
"realm" => "Password protected area",
"require" => "user=kunal"
)
)
)

Now create a password file

# vi /home/lighttpd/.passwd

Append username and password in .passwd file

kunal:yourpassword

where,

-> kunal :– is the name of the user. Dont use a system user stored in /etc/passwd file

-> yourpassword :- is the password for the user kunal

Save and Close file .passwd

#chown lighttpd:lighttpd /home/lighttpd/.passwd

Restart lighttpd server

# /etc/init.d/./lighttpd restart

Test Your Configuration in a web browser to http://this.com/docs/.

You should be prompted for a username and password.

SECOND METHOD

secure digest authentication(mod_auth)

Setup username and password using htdigest

# htdigest -c /etc/lighttpd/.passwd ‘Authorized users only’ kunal

where,

-> -c :- creates the /etc/lighttpd/.passwd if does not already exist, or deleted and recreated if it does exist

-> /etc/lighttpd/.passwd :- Password file name. It contains username, realm and password.

-> ‘Authorized users only’ :- The realm name to which the user name belongs

-> kunal :- The user name kunal to create or update in /etc/lighttpd/.passwd. if username does not exist in this file

an entry is added. If it does exist, the password is changed

Open /etc/lighttpd/lighttpd.conf

Load module mod_auth

Now, Append following 3 lines:

auth.backend = "htdigest"
auth.backend.htdigest.userfile = "/etc/lighttpd.passwd"
auth.debug = 2

Next you have to find the virtual hosting section for domain “this.com” and append the following text

 auth.require = ( "/docs/" =>
(
"method" => "digest",
"realm" => "Authorized users only",
"require" => "valid-user"
)
)

At the end ur configuration should read as follows

 $HTTP["host"] =~ "(^|\.)that.com" {
server.document-root = "/home/www/vhost/that.com/http"
server.errorlog = "/var/log/lighttpd/that.com/error.log"
accesslog.filename = "/var/log/lighttpd/that.com/access.log"
server.error-handler-404 = "/e404.php"
auth.require = ( "/docs/" =>
(
"method" => "digest",
"realm" => "Authorized users only",
"require" => "valid-user"
)
)
)

Restart lighttpd

# /etc/init.d/./lighttpd restart

Test Your Configuration in a web browser to http://this.com/docs/.

You should be promted for a username and password.

Advertisements

4 Comments »

  1. how to get the promted username and password and display

    Comment by ragavs — December 22, 2009 @ 12:04 | Reply

  2. Its already mentioned in the syntax.

    Comment by j — December 24, 2009 @ 08:32 | Reply

  3. Hi,
    My web server is DNS-323 with fun_plug 0,5 and lighttpd. I have changed the lighttpd.conf to include the following:
    server.modules = (
    “mod_access”,
    “mod_auth”,
    “mod_fastcgi”,
    “mod_accesslog” )

    server.document-root = “/mnt/HD_a2/www/pages/”

    $HTTP[“url”] =~ “^/Yuemeng/” {
    auth.debug = 2
    auth.backend = “plain”
    auth.backend.plain.userfile = “/mnt/HD_a2/www/pwd/.pwd_Yuemeng”
    auth.require = ( “/Yuemeng/” =>
    (
    “method” => “basic”,
    “realm” => “Password protected area”,
    “require” => “user=TEST”
    )
    )
    }

    Only one line in the file /mnt/HD_a2/www/pwd/.pwd_Yuemeng
    TEST:xxyyzz

    The “Yuemeng” is sub directory of “/mnt/HD_a2/www/pages/”

    after restart lighttpd, I do got popup window asking for username and password,
    but entering the usename and passwod will not let me to got in the Yuemeng directory. after trying three times, It give me “401 – Unauthorized”

    I could not figure out what is wrong.

    I do not know my server has SSL support or not, Do I need SSL to make it wroks?

    Thanks.

    Comment by Charlie — January 6, 2010 @ 01:08 | Reply

  4. I have followed the tutorial and after entering my user name and password I receive “404 – Not Found”. I have a file in the directory and can’t figure out the reason for the error. I appreciate any help.

    Comment by newbie — October 8, 2010 @ 04:29 | Reply


RSS feed for comments on this post. TrackBack URI

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Blog at WordPress.com.

%d bloggers like this: