Forum

Using Digest Auth for your website

Da JoJo
20 March 2013, 23:55
To setup Digest Authentication for Hiawatha you need the program called : htdigest
you can find this on the apache webserver site or somewhere on the web.

first make a password file. open command prompt and type :

htdigest -c .passfile "the realm" user

it will ask for a password which is the password used in the login-window together with the user
now you have a file with the password in it and some weird code which is your encrypted pass.
in hiawatha settings you need to set the following things:

in Bind:

EnableAlter = yes <for the GET and PUT stuff


in VirtualHost :

# ErrorHandler = 401:/error404.php (<you cannot use the 401 error handler since it breaks the login)
AlterGroup = agroup
AlterList = pwd all (< to allow all that have login ok
AccesList = pwd all (<to allow all that have login ok
RequiredGroup = agroup (<user need to be in this group to be able to alter (get n put)
LoginMessage = the realm (< make sure this is exactly the same as the realm you choose and note the "" which aint here but are in htdigest needed
PasswordFile = digest:/cygdrive/c/web/digest/.passfile,/cygdrive/c/web/digest/.groupfile (< if you have unix thing you use some dir outside the webdir)
AccessLogfile = cygdrive/c/web/logs

in the .groupfile there should be :

agroup:user


the website is on /cygdrive/c/web/webroot/
do not put the password or group file in the website, but put them under the webroot dir for example.


Hiawatha version: 8.8.1
Operating System: Windows 7 X64 Ultimate
Hugo Leisink
21 March 2013, 10:38
Don't use htdigest, but use wigwam with the -d option (wigwam comes with Hiawatha).
EnableAlter is not for GET. It allows the PUT and DELETE requests.

I see a lot of text, but no question. Do you have any or what is the purpose of this forum post?
Da JoJo
21 March 2013, 11:31
well it seems basic auth is too insecure for use.
error401 handler causes error in auth where it did not in older versions of hiawatha, so i wonder if this is normal or is it the PHP causing trouble ?
htdigest works fine for me and i didnt know you put this function in wigwam, that is really nice.
it took me some time to get it to work and i had many weird problems , so i made this post so everyone can simply fix it for themselves.
the manual confused me a bit on this part. and yes it is PUT and DELETE, you get the idea when looking at it.
its just an example of how to use it. hence i put it in here.. the hiawatha configuration forum..
This topic has been closed.