Forum
Using Digest Auth for your website
Da JoJo
20 March 2013, 23:55
To setup Digest Authentication for Hiawatha you need the program called : htdigest
you can find this on the apache webserver site or somewhere on the web.
first make a password file. open command prompt and type :
htdigest -c .passfile "the realm" user
it will ask for a password which is the password used in the login-window together with the user
now you have a file with the password in it and some weird code which is your encrypted pass.
in hiawatha settings you need to set the following things:
in Bind:
EnableAlter = yes <for the GET and PUT stuff
in VirtualHost :
# ErrorHandler = 401:/error404.php (<you cannot use the 401 error handler since it breaks the login)
AlterGroup = agroup
AlterList = pwd all (< to allow all that have login ok
AccesList = pwd all (<to allow all that have login ok
RequiredGroup = agroup (<user need to be in this group to be able to alter (get n put)
LoginMessage = the realm (< make sure this is exactly the same as the realm you choose and note the "" which aint here but are in htdigest needed
PasswordFile = digest:/cygdrive/c/web/digest/.passfile,/cygdrive/c/web/digest/.groupfile (< if you have unix thing you use some dir outside the webdir)
AccessLogfile = cygdrive/c/web/logs
in the .groupfile there should be :
agroup:user
the website is on /cygdrive/c/web/webroot/
do not put the password or group file in the website, but put them under the webroot dir for example.
Hiawatha version: 8.8.1
Operating System: Windows 7 X64 Ultimate
you can find this on the apache webserver site or somewhere on the web.
first make a password file. open command prompt and type :
htdigest -c .passfile "the realm" user
it will ask for a password which is the password used in the login-window together with the user
now you have a file with the password in it and some weird code which is your encrypted pass.
in hiawatha settings you need to set the following things:
in Bind:
EnableAlter = yes <for the GET and PUT stuff
in VirtualHost :
# ErrorHandler = 401:/error404.php (<you cannot use the 401 error handler since it breaks the login)
AlterGroup = agroup
AlterList = pwd all (< to allow all that have login ok
AccesList = pwd all (<to allow all that have login ok
RequiredGroup = agroup (<user need to be in this group to be able to alter (get n put)
LoginMessage = the realm (< make sure this is exactly the same as the realm you choose and note the "" which aint here but are in htdigest needed
PasswordFile = digest:/cygdrive/c/web/digest/.passfile,/cygdrive/c/web/digest/.groupfile (< if you have unix thing you use some dir outside the webdir)
AccessLogfile = cygdrive/c/web/logs
in the .groupfile there should be :
agroup:user
the website is on /cygdrive/c/web/webroot/
do not put the password or group file in the website, but put them under the webroot dir for example.
Hiawatha version: 8.8.1
Operating System: Windows 7 X64 Ultimate
Hugo Leisink
21 March 2013, 10:38
Don't use htdigest, but use wigwam with the -d option (wigwam comes with Hiawatha).
EnableAlter is not for GET. It allows the PUT and DELETE requests.
I see a lot of text, but no question. Do you have any or what is the purpose of this forum post?
EnableAlter is not for GET. It allows the PUT and DELETE requests.
I see a lot of text, but no question. Do you have any or what is the purpose of this forum post?
Da JoJo
21 March 2013, 11:31
well it seems basic auth is too insecure for use.
error401 handler causes error in auth where it did not in older versions of hiawatha, so i wonder if this is normal or is it the PHP causing trouble ?
htdigest works fine for me and i didnt know you put this function in wigwam, that is really nice.
it took me some time to get it to work and i had many weird problems , so i made this post so everyone can simply fix it for themselves.
the manual confused me a bit on this part. and yes it is PUT and DELETE, you get the idea when looking at it.
its just an example of how to use it. hence i put it in here.. the hiawatha configuration forum..
error401 handler causes error in auth where it did not in older versions of hiawatha, so i wonder if this is normal or is it the PHP causing trouble ?
htdigest works fine for me and i didnt know you put this function in wigwam, that is really nice.
it took me some time to get it to work and i had many weird problems , so i made this post so everyone can simply fix it for themselves.
the manual confused me a bit on this part. and yes it is PUT and DELETE, you get the idea when looking at it.
its just an example of how to use it. hence i put it in here.. the hiawatha configuration forum..
This topic has been closed.
Copyright © by Hugo Leisink. All rights reserved.
Built upon the Banshee PHP framework.
Built upon the Banshee PHP framework.
