Password protected Clutch


    May 22nd, 2008 | Tags: , , ,

    Some may find the need to manage or control their transmission downloads from the Internet and yet wish to restrict the Clutch web user interface to a handful of authenticated users. This section will guide you through the process of securing your Clutch interface with username and password.

    Before you continue, you should have already set up transmission for your DNS-313 or DNS-323 as well as the Clutch web user interface.

    Constructing the password generator

    Create a htdigest.sh file at /mnt/HD_a2/ with the following content. Simply type vi /mnt/HD_a2/htdigest.sh, press i and paste the following text in.

    #!/bin/sh
    user=$1
    realm=$2
    pass=$3

    hash=`echo -n “$user:$realm:$pass” | md5sum | cut -b -32`

    echo “$user:$realm:$hash”

    After pasting in the above text, press <Esc>, then followed by :wq and Enter to save the file.

    If you did it correctly, you should end up with a htdigest.sh file at /mnt/HD_a2/.

    Generating hash information for username and password

    In this case, we will be generating the necessary information for the username “clutch” with password “password” in the realm “Password Protected Area”. Generate the hash information by using the following command.

    / # sh /mnt/HD_a2/htdigest.sh ‘clutch’ ‘Password Protected Area’ ‘password’

    clutch:Password Protected Area:98616824633db75cb8d3a63d5c0658cb

    Storing the generated hash information

    We will store the generated hash information at /ffp/etc/lighttpdpassword

    / # echo “clutch:Password Protected Area:98616824633db75cb8d3a63d5c0658cb” >> /ffp/etc/lighttpdpassword

    Turning on authentication on your lighttpd

    Enable mod_auth in the server.modules chunk by removing the # at the start of the line.

    # “mod_trigger_b4_dl”,
    “mod_auth”,
    # “mod_status”,

    After the section on server.modules, add the following text:

    auth.debug = 2
    auth.backend = “htdigest”
    auth.backend.htdigest.userfile = “/ffp/etc/lighttpdpassword”

    auth.require = ( “/clutch/” =>
    (
    “method” => “digest”,
    “realm” => “Password Protected Area”,
    “require” => “user=clutch”
    )
    )

    Save the file.

    Testing your work

    Restart your lighttpd so that your new settings could be applied.

    / # sh /ffp/start/lighttpd.sh restart
    Stopping lighttpd
    Starting /ffp/sbin/lighttpd -f /ffp/etc/lighttpd.conf
    / #

    Surf to http://<NAS’s ip>:8080/clutch/ and it should prompt your for your username and password.

    Extra Information

    Adding additional users
    We can easily add another user “clutch2″ with password “password2″ in the same realm “Password Protected Area” by generating the hash information and adding to “/ffp/etc/lighttpdpassword”. You would need to reflect this addition by modifying the lighttpd configuration file (/ffp/etc/lighttpd.conf).

    auth.require = ( “/clutch/” =>
    (
    “method” => “digest”,
    “realm” => “Password Protected Area”,
    “require” => “user=clutch|user=clutch2
    )
    )

    Restart your lighttpd for it to recognize the new configuration with the following command

    / # sh /ffp/start/lighttpd.sh restart

    You can add more users by repeating the process.


    Share it on del.icio.us

    « new jedi knight with puny light sabre
    Smaller power adaptor for DNS-313 »

    8 responses

    1. Thanx for guide works great!

       
      dotcom May 29th, 2008 at 4:42 pm

    2. Hi andy,

      It’s me again. The above guide works great but it’s for one user name and password only. Can it be set to have multiple user names and passwords?

      Thanks.

       
      cheongseeker June 18th, 2008 at 1:37 pm

    3. cheongseeker,

      I’ve updated the guide to reflect how you can add additional users to the same realm.

       
      shadowandy June 18th, 2008 at 9:05 pm

    4. Hi andy,

      Thanks for the quick update. I followed the guide but it didn’t work. I edited the lighttpd.conf to include the additional user. Then went to create the hash information in the lighttpdpassword file.

      I even take a look in the lighttpdpassword file and confirm that the second user and password hash information is there.

      However, I cannot logon with the 2nd username and password. It is only possible to logon with the 1st username and password.

      Not sure where I had gone wrong.

       
      cheongseeker June 19th, 2008 at 1:58 am

    5. Hi andy,

      I found out my mistake. I didn’t look carefully at the code. I added “require” => “user=clutch|clutch2”

      instead of

      “require” => “user=clutch|user=clutch2”

      Now it is working. Great.

      Thanks a lot.

       
      cheongseeker June 19th, 2008 at 6:04 pm

    6. cheongseeker,

      Glad that it is working fine for you. You could look up the help for lighttpd to see the other configurable functions.

       
      shadowandy June 20th, 2008 at 9:32 am

    7. [...] Clutch защищен паролем. [...]

       
      DNS-323 или уничтожитель моих данных « Журнал Жетмэна July 21st, 2008 at 4:18 am

    8. [...] Clutch защищен паролем. [...]

       
      Журнал Жетмэна » Blog Archive » DNS-323 или уничтожитель моих данных August 7th, 2008 at 2:19 am

    RSS Feeds



    Treat shadowandy!


    Like to treat shadowandy a cup of Starbucks?

    Polls


    Which is your preferred SOHO networking brand?

    • D-Link (48%, 225 Votes)
    • Linksys (27%, 126 Votes)
    • Cisco (12%, 57 Votes)
    • Netgear (7%, 34 Votes)
    • Buffalo (2%, 9 Votes)
    • TRENDnet (1%, 6 Votes)
    • PCI (1%, 5 Votes)
    • Planex (1%, 3 Votes)

    Total Voters: 465

    Loading ... Loading ...


    Recent Comments



    Friend's Blog



    Interesting Links



    Previous Postings




    Copyright © 2005 - 2008 www.shadowandy.net  94 queries. 0.711 seconds.Go back up ↑