DEV Community

nabbisen
nabbisen

Posted on

OpenBSD httpd: Basic authentication with htpasswd

#openbsd #httpd #basicauthentication #security

Summary

OpenBSD httpd supports basic authentication with htpasswd.
Here shows how to use it. Besides, the official documentation is here.

Tutorial

Assuming that:
the absolute path of our document root is /var/www/auth-trial.

Generate .htpasswd

First, generate .htpasswd:

$ doas htpasswd /var/www/auth-trial/.htpasswd <username>
Enter fullscreen mode Exit fullscreen mode

This command writes <username> (which is editable) and generated password for them, hashed by bcrypt, into .htpasswd file.
Now you can see:

$ doas cat /var/www/auth-trial/.htpasswd <username>:(...)
Enter fullscreen mode Exit fullscreen mode

It is important to confirm the web user running httpd daemon can read it:

$ doas chown www: /var/www/auth-trial/.htpasswd $ # the file generated above is writable by user $ doas chmod u-w: /var/www/auth-trial/.htpasswd  $ ls -l /var/www/auth-trial/.htpasswd -r-------- 1 www wheel 69 Aug 2 15:20 /var/www/auth-trial/.htpasswd
Enter fullscreen mode Exit fullscreen mode

Configure httpd.conf

Edit httpd.conf:

$ doas nvim /etc/httpd.conf
Enter fullscreen mode Exit fullscreen mode

in order to define authenticate in server section:

 server "(...)" { (...) + authenticate with "/auth-trial/.htpasswd"  root "/auth-trial" (...) location "(...)" { (...) } (...) }
Enter fullscreen mode Exit fullscreen mode

Restart the daemon:

$ doas rcctl restart httpd httpd(ok) httpd(ok)
Enter fullscreen mode Exit fullscreen mode

Done :)

Conclusion

Now you can see confirmation required:

confirmation

and access denied when the input is invalid:

unauthorized

Top comments (0)