Category: LINUX

2012-02-05 09:21:51

    Lighttpd secure digest authentication (mod_auth)
 
    The Basic method transfers the username and password over the network in cleartext (only base64 encoded), which is a security problem unless it is used over an encrypted channel between client and server.
    The Digest method only transfers a hashed value over the network, which goes a long way toward hardening the authentication process on insecure networks.
    There are three steps to configure Lighttpd secure digest authentication:
=> Setup username and password using htdigest (Apache program)
=> Configure lighttpd core directives
=> Apply restrictions to selected directories aka set password protected directory
Step # 1: Setup username and password using htdigest (Apache program)
    The htdigest command is used to create and update the flat files that store the username, realm and password for digest authentication of HTTP users. The general syntax is as follows:
           htdigest -c /path/to/password/file 'Realm' username
    For example, to add a user called tom:
   # htdigest -c /etc/lighttpd/.passwd 'Authorized users only' tom

Where,

  • -c: Create the /etc/lighttpd/.passwd file
  • /etc/lighttpd/.passwd: Password file name. It contains the username, realm and password. If -c is given, this file is created if it does not already exist, or deleted and recreated if it does exist.
  • 'Authorized users only': The realm name to which the user name belongs
  • tom: The user name (tom) to create or update in /etc/lighttpd/.passwd. If the username does not exist in this file, an entry is added. If it does exist, the password is changed.
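To make concrete what htdigest stores and why only a hash crosses the wire, here is an added Python example (not part of the original post or of lighttpd) that builds userfile lines in the htdigest format, parses them, and performs the server-side response check using nothing but the stored HA1. The userfile contents are constructed for the example; the second entry uses the RFC 2617 section 3.5 test vector.

```python
import hashlib
import hmac
import re


def _md5(s: str) -> str:
    return hashlib.md5(s.encode("utf-8")).hexdigest()


def htdigest_line(user: str, realm: str, password: str) -> str:
    """Line as htdigest writes it: user:realm:HA1 with HA1 = MD5(user:realm:password).
    The cleartext password itself is never written to the file."""
    return f"{user}:{realm}:{_md5(f'{user}:{realm}:{password}')}"


def parse_htdigest(text: str) -> dict:
    """Parse userfile text into {(user, realm): HA1}. Lines whose last field is
    not a 32-hex MD5 digest (e.g. a cleartext password) are rejected."""
    entries = {}
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        user, _, rest = line.partition(":")
        realm, _, ha1 = rest.rpartition(":")   # realm may itself contain ':'
        if not user or not realm or not re.fullmatch(r"[0-9a-f]{32}", ha1):
            raise ValueError(f"line {n}: not a user:realm:HA1 entry")
        entries[(user, realm)] = ha1
    return entries


def digest_response(ha1, method, uri, nonce, qop=None, nc=None, cnonce=None):
    """Client-side response value (RFC 2617, algorithm MD5); this is the only
    secret-derived value that travels over the network."""
    ha2 = _md5(f"{method}:{uri}")
    if qop is None:                                  # RFC 2069 form, no qop
        return _md5(f"{ha1}:{nonce}:{ha2}")
    return _md5(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")


def verify_request(userfile, user, realm, method, uri, nonce, response,
                   qop=None, nc=None, cnonce=None):
    """Server-side check: recompute the response from the stored HA1 only.
    The server never needs, and never sees, the cleartext password."""
    ha1 = parse_htdigest(userfile).get((user, realm))
    if ha1 is None:
        return False
    expected = digest_response(ha1, method, uri, nonce, qop, nc, cnonce)
    return hmac.compare_digest(expected, response)


# Constructed userfile, as `htdigest -c /etc/lighttpd/.passwd 'Authorized users only' tom` would produce
USERFILE = "\n".join([
    htdigest_line("tom", "Authorized users only", "example-password"),
    htdigest_line("Mufasa", "testrealm@host.com", "Circle Of Life"),  # RFC 2617 vector
])
```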

Step # 2: Configure lighttpd core directives
    Open the /etc/lighttpd.conf file:

   # vi /etc/lighttpd.conf

Make sure mod_auth is loaded:

   server.modules += ( "mod_auth" )

Now, append the following 3 lines:

   auth.backend = "htdigest"
   auth.backend.htdigest.userfile = "/etc/lighttpd/.passwd"
   auth.debug = 2

Step # 3: Apply restrictions to selected directories aka set password protected directory
    Let us say you would like to protect a directory called /docs. Append the following directives to the /etc/lighttpd.conf file:

   auth.require = ( "/docs/" =>
     (
       "method" => "digest",
       "realm" => "Authorized users only",
       "require" => "valid-user"
     )
   )

    Save and close the file.

    Restart the lighttpd:

   # /etc/init.d/lighttpd restart

    You can always find more debugging information in your error log file, /var/log/lighttpd/error.log:

   # tail -f /var/log/lighttpd/error.log

    Point a web browser to or or . You should be prompted for a username (for e.g. tom) and password (your password).
For additional security it is recommended that you use SSL configuration.
