OpenBSD httpd: Basic authentication with htpasswd

nabbisen

nabbisen

Posted on August 2, 2021

OpenBSD httpd: Basic authentication with htpasswd

Summary

OpenBSD httpd supports basic authentication with htpasswd.
Here shows how to use it. Besides, the official documentation is here.

Tutorial

Assuming that:
the absolute path of our document root is /var/www/auth-trial.

Generate .htpasswd

First, generate .htpasswd:



$ doas htpasswd /var/www/auth-trial/.htpasswd <username>


Enter fullscreen mode Exit fullscreen mode

This command writes <username> (which is editable) and generated password for them, hashed by bcrypt, into .htpasswd file.
Now you can see:



$ doas cat /var/www/auth-trial/.htpasswd
<username>:(...)


Enter fullscreen mode Exit fullscreen mode

It is important to confirm the web user running httpd daemon can read it:



$ doas chown www: /var/www/auth-trial/.htpasswd
$ # the file generated above is writable by user
$ doas chmod u-w: /var/www/auth-trial/.htpasswd

$ ls -l /var/www/auth-trial/.htpasswd 
-r--------  1 www       wheel  69 Aug  2 15:20 /var/www/auth-trial/.htpasswd


Enter fullscreen mode Exit fullscreen mode

Configure httpd.conf

Edit httpd.conf:



$ doas nvim /etc/httpd.conf


Enter fullscreen mode Exit fullscreen mode

in order to define authenticate in server section:



  server "(...)" {
      (...)
+     authenticate with "/auth-trial/.htpasswd"
      root "/auth-trial"
      (...)
      location "(...)" {
          (...)
      }
      (...)
  }


Enter fullscreen mode Exit fullscreen mode

Restart the daemon:



$ doas rcctl restart httpd
httpd(ok)
httpd(ok)


Enter fullscreen mode Exit fullscreen mode

Done :)

Conclusion

Now you can see confirmation required:

confirmation

and access denied when the input is invalid:

unauthorized

💖 💪 🙅 🚩
nabbisen
nabbisen

Posted on August 2, 2021

Join Our Newsletter. No Spam, Only the good stuff.

Sign up to receive the latest update from our blog.

Related