This method transfers the username and the password in cleartext over the network (base64 encoded) and might result in security problems if not used in conjunction with a crypted channel between client and server.
The Digest method only transfers a hashed value over the network which performs a lot of work to harden the authentication process in insecure networks.
There are total three steps to configure Lighttpd secure digest authentication:
=> Setup username and password using htdigest (Apache program)
=> Configure lighttpd core directives
=> Apply restrictions to selected directories aka set password protected directory
Step # 1: Setup username and password using htdigest (Apache program)
Command htdigest is used to create and update the flat-files used to store usernames, realm and password for digest authentication of HTTP users. Genreal syntax is as follows:
htdigest -c /path/to/password/file 'Realm' username
For example add a user called tom:
# htdigest -c /etc/lighttpd/.passwd 'Authorized users only' tom
- -c: Create the /etc/lighttpd/.passwd
- /etc/lighttpd/.passwd: Password file name. It contain the username, realm and password. If -c is given, this file is created if it does not already exist, or deleted and recreated if it does exist.
- 'Authorized users only': The realm name to which the user name belongs
- tom: The user name (tom) to create or update in /etc/lighttpd/.passwd. If username does not exist is this file, an entry is added. If it does exist, the password is changed.
Step # 2: Configure lighttpd core directives
Open /etc/lighttpd.conf file.
# vi /etc/lighttpd.confMake sure mod_auth is loaded:
server.modules += ( "mod_auth" )Now, append following 3 lines:
auth.backend = "htdigest"
auth.backend.htdigest.userfile = "/etc/lighttpd/.passwd"
auth.debug = 2
Step # 3: Apply restrictions to selected directories aka set password protected directory
Let us say you would like to protect directory called /docs (http://domain.com/docs). Append following directives (/etc/lighttpd.conf file):
auth.require = ( "/docs/" =>
"method" => "digest",
"realm" => "Authorized users only",
"require" => "valid-user"
Save and close the file.
Restart the lighttpd:
# /etc/init.d/lighttpd restart
You can always find more debugging information in your error log file -/var/log/lighttpd/error.log:
# tail -f /var/log/lighttpd/error.log
Point a web browser to http://domain.com/docs/ or http://localhost/docs/ or http://ip-address/docs. You should be prompted for a username (for e.g. tom) and password (your password).
For additional security it is recommended that you use SSL configuration.