> How does the httpd "authenticate" option work? from httpd.conf(5):
>      [no] authenticate [realm] with htpasswd
>          Authenticate a remote user for realm by checking the credentials
>          against the user authentication file htpasswd. The file name is
>          relative to the chroot and must be readable by the www user. Use
>          the no authenticate directive to disable authentication in a
>          location.
>
> what's "realm"? It shows up twice in the man page, both times in that
> paragraph. Googling was not overly productive due to that other web
> server that also uses the file name "httpd.conf" and htpasswd. :-/

Check RFC 2617:

  http://tools.ietf.org/html/rfc2617#page-3

Or just Google it via "http realm" query and check Stack Overflow:

  http://stackoverflow.com/questions/12701085/what-is-the-realm-in-basic-authentication

> What I'm trying to do is have one user/pw protected directory on a web
> server. Most of the server is open to all (and of interest to very
> few), but this one directory should be letting basically no one in
> without authentication.

No prob, just follow the instructions. I've just tested them on OpenBSD 5.7
release.

1. Put something like this in your /etc/httpd.conf:

   server "default" {
           listen on egress port 80
           location "/priv*" {
                   authenticate with "/htpasswd"
           }
   }

2. Now use htpasswd to create a htpasswd file. Swap "example" with your
   user name:

   $ sudo htpasswd /var/www/htpasswd example
   Password:
   Retype Password:
   $

3. Now make it readable for user www group daemon by issuing this command:

   $ sudo chown www:daemon /var/www/htpasswd

4. Enjoy.

P.S: I believe httpd should say something explicitly if it fails to load
the htpasswd file. Currently it just silently fails. Should be at least a
warning.
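
A pre-flight check for the silent-failure case raised in the P.S., as an added example that is not part of the original message or of OpenBSD's own tooling: it resolves the htpasswd path relative to the chroot, as the quoted man page text requires, and confirms the daemon user can read it. The function name and return codes are made up for this example, and the permission test looks only at the mode bits (supplementary groups and ACLs are ignored).

```sh
#!/bin/sh
# Added example, not from the original message.
# check_htpasswd CHROOT CONF_PATH UID GID
#   CHROOT     httpd chroot directory (/var/www in the message above)
#   CONF_PATH  path as written in httpd.conf, e.g. /htpasswd
#   UID GID    numeric ids of the daemon user: $(id -u www) $(id -g www)
# Returns: 0 ok, 1 missing, 2 not readable by UID/GID, 3 malformed entry,
#          4 readable by UID/GID but also world-readable (hardening check).
check_htpasswd() {
    file="$1$2"; want_uid=$3; want_gid=$4
    if [ ! -f "$file" ]; then
        echo "missing: $file (httpd.conf path is relative to chroot $1)" >&2
        return 1
    fi
    # ls -ln prints "mode links uid gid ..."; -L follows a symlink.
    set -- $(ls -lnL "$file" | awk '{print $1, $3, $4}')
    mode=$1; uid=$2; gid=$3
    # Simplified POSIX access check: the owner bits apply if the uid
    # matches, otherwise the group bits if the gid matches, else "other".
    if [ "$uid" = "$want_uid" ]; then pat='?r*'
    elif [ "$gid" = "$want_gid" ]; then pat='????r*'
    else pat='???????r*'
    fi
    case $mode in
        $pat) ;;
        *) echo "uid $want_uid cannot read $file ($mode $uid:$gid)" >&2
           return 2 ;;
    esac
    # Every non-empty line must have the form user:hash.
    if grep -v '^$' "$file" | grep -qv '^[^:][^:]*:..*'; then
        echo "malformed entry in $file" >&2
        return 3
    fi
    case $mode in
        ???????r*) echo "warning: $file is world-readable" >&2; return 4 ;;
    esac
    return 0
}
```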