DEV Community

Heddi Nabbisen
Heddi Nabbisen

Posted on

OpenBSD httpd: Basic authentication with htpasswd

Summary

OpenBSD httpd supports basic authentication with htpasswd.
Here shows how to use it. Besides, the official documentation is here.

Tutorial

Assuming that:
the absolute path of our document root is /var/www/auth-trial.

Generate .htpasswd

First, generate .htpasswd:

$ doas htpasswd /var/www/auth-trial/.htpasswd <username>
Enter fullscreen mode Exit fullscreen mode

This command writes <username> (which is editable) and generated password for them, hashed by bcrypt, into .htpasswd file.
Now you can see:

$ doas cat /var/www/auth-trial/.htpasswd
<username>:(...)
Enter fullscreen mode Exit fullscreen mode

It is important to confirm the web user running httpd daemon can read it:

$ doas chown www: /var/www/auth-trial/.htpasswd
$ # the file generated above is writable by user
$ doas chmod u-w: /var/www/auth-trial/.htpasswd

$ ls -l /var/www/auth-trial/.htpasswd 
-r--------  1 www       wheel  69 Aug  2 15:20 /var/www/auth-trial/.htpasswd
Enter fullscreen mode Exit fullscreen mode

Configure httpd.conf

Edit httpd.conf:

$ doas nvim /etc/httpd.conf
Enter fullscreen mode Exit fullscreen mode

in order to define authenticate in server section:

  server "(...)" {
      (...)
+     authenticate with "/auth-trial/.htpasswd"
      root "/auth-trial"
      (...)
      location "(...)" {
          (...)
      }
      (...)
  }
Enter fullscreen mode Exit fullscreen mode

Restart the daemon:

$ doas rcctl restart httpd
httpd(ok)
httpd(ok)
Enter fullscreen mode Exit fullscreen mode

Done :)

Conclusion

Now you can see confirmation required:

confirmation

and access denied when the input is invalid:

unauthorized

Discussion (0)