Turning on authentication in lighttpd

Some of us access our DNS-323 over the Internet and would find the need to put some form of restriction on what users should access and what they shouldn’t.

For me, I have project related folders as well as private folders such as clutch (for transmission). Hence I would like to password protect them. Only users with a valid username and password should access these protected shares.

In this example, I will setup password authentication for my clutch directory.

Some basics
There are several ways to authenticate a user. One of the ways would be using username and password authentication. Some method of authentication stores username and password in clear while some are hashed. For this guide, we need username, password and realm.

Password Generator
Create a htdigest.sh file at /mnt/HD_a2/ with the following content. Simply type vi /mnt/HD_a2/htdigest.sh, press i and paste the following text in.

After pasting in the above text, press <Esc>, then followed by :wq and Enter to save the file.

If you did it correctly, you should end up with a htdigest.sh file at /mnt/HD_a2/.

Generating the username and password
Let’s say we are trying to generate information for the user “clutch” with password “password” in realm “Password Protected Area”. You would generate the required information by the following command.

/ # sh /mnt/HD_a2/htdigest.sh ‘clutch’ ‘Password Protected Area’ ‘password’
clutch:Password Protected Area:98616824633db75cb8d3a63d5c0658cb

Just a note, realm is used in the process of generating the password hash.

Storing the generated password
We will store the generated information at /mnt/HD_a2/fun_plug.d/etc/lighttpdpassword

/ # echo “clutch:Password Protected Area:98616824633db75cb8d3a63d5c0658cb” >> /mnt/HD_a2/fun_plug.d/etc/lighttpdpassword

Turning on authentication for lighttpd
We would need to enable mod_auth and add in some configuration strings to enable password authentication for the /clutch/ directory. Add the following text after the server.modules chunk.

Edit lighttpd.conf at /mnt/HD_a2/fun_plug.d/etc/

Save the file.

Testing it
Before you can actually use password authentication, you would need to restart your lighttpd. You can do it by calling lighttpd.sh or simply restart your DNS-323 if you had configured it to autostart.

 

Treat shadowandy!

If these step-by-step guides have been very helpful to you and saved you a lot of time, please consider treating shadowandy to a cup of Starbucks.  

9 thoughts on “Turning on authentication in lighttpd

  • March 19, 2008 at 7:03 pm
    Permalink

    Hi shadowandy,
    This is exactly what I was looking for, thanks very much.
    one small thing I noticed, in the “Generating the username and password” section
    you had:-
    / # sh /mnt/usb_1/htdigest.sh ‘clutch’ …
    it should be:-
    / # sh /mnt/HD_a2/htdigest.sh ‘clutch’ …
    Guess you have modded the USB to take memory stick too!
    It works perfect for me. I’m glad you have a dns-323 too.
    Cheers.

  • March 19, 2008 at 9:27 pm
    Permalink

    indexmonkey,

    Thanks for pointing it out! Yeap! I am running stuffs off my usb 😉

  • March 21, 2008 at 5:09 pm
    Permalink

    Hi
    thanx for this guide got it working 🙂
    if i want to add another folder to protect ill just add another auth.require frase or?

  • March 21, 2008 at 5:55 pm
    Permalink

    dotcom,

    Nope. Just a

    “/folder/” =>
    (
    “method” => “digest”,
    “realm” => “Password Protected Area”,
    “require” => “user=clutch”
    )

    within the auth.require will do.

  • May 17, 2008 at 1:19 am
    Permalink

    Got this working with DNS-323 and fun-plug v0.4 but couldn’t get ssl working. Any suggestions? I finally figured out that the compiled version (using lighttpd -v) didn’t show the “SSL” part of the version. Does anyone have a compiled version of lighttpd with ssl features?

  • June 4, 2008 at 2:58 am
    Permalink

    hi guys,
    this is a stupid question, I’m kinda new to this so what can you do? 🙂

    Just wondering, is this authentication meant for the the LIGHTTPD webserver i.e. so you can prompt for login details when users try to access a certain link on the HTTP server?

    I tried this & created a folder in /mnt/HD_a2/www/clutch and put a HTML file in there… after restarting the LIGHTTPD and trying to access that file, no prompts came up for login details… any ideas?

  • June 4, 2008 at 7:20 am
    Permalink

    Johnny,

    Have you enabled the lighttpd module that takes care of authentication stuffs (mod_auth)?

  • June 4, 2008 at 9:46 pm
    Permalink

    Ah ha! thanks ShadowAndy. Maaan… slap me with a cold fish

  • June 17, 2008 at 11:03 pm
    Permalink

    Hi, just want to ask a dumb question:

    During the generation of a password, there is a mention of some alpha-numeric data:

    98616824633db75cb8d3a63d5c0658cb

    Will the be the password for user clutch if he accesses the protected web site afterwards?

Comments are closed.