Authentication Through Realms¶
Authentication is the process of confirming a user's identity, and it provides a way to ensure that only legitimate users create content on your site. Authentication is set up through OpenLiteSpeed's WebAdmin Console and may be applied to the whole site (/
), or only a subdirectory (/protected/
, for example).
OLS WebAdmin runs as lsadm:lsadm
. It doesn't have permission to access your $VH_ROOT
. The recommended realm password file location is at $SERVER_ROOT/conf/vhosts/$VH_NAME/htpasswd
, and realm group file location is at $SERVER_ROOT/conf/vhosts/$VH_NAME/htgroup
.
You may wish to manually create the htpasswd
file through the command line via the htpasswd
command, but you will need to make sure that the file is readable by lsadm
and the user that runs the web server, usually nobody
. Without read access, it may not work.
Add or Edit Authorization Realms Database¶
If you don't have an Authorization Realms database, you need to create one. Within OLS WebAdmin, navigate to Virtual Host Configuration > Security > Realm List. Click + to add a new one, or click the Edit icon to edit an existing one.
Set the following values:
- User DB Location:
$SERVER_ROOT/conf/vhosts/$VH_NAME/htpasswd
- Group DB Location:
$SERVER_ROOT/conf/vhosts/$VH_NAME/htgroup
.
If either of the files don't exist, click the CLICK TO CREATE link.
If you need to create the directories and all goes well, you should see the following two messages:
/usr/local/lsws/conf/vhosts/Example/htpasswd has been created successfully.
/usr/local/lsws/conf/vhosts/Example/htgroup has been created successfully.
Click the Save button.
Create an Authorized User¶
Hover over User DB Location and click the file path.
This will bring you to the user and password setup screen, where you can click + to add a user and password.
Set User Name as desired. In this example, we used test
. Set New Password to whatever you wish (again, we used test
), and verify the password in the Retype Password field.
Add Access Required by Context¶
Depending on whether you want to apply the authentication to the whole site or to just a subdirectory, you will either edit/create the /
context or edit/create a subdirectory context (for example, a /protected/
context for the site's protected
subdirectory).
In the following example, we will show you how to apply the authentication realm to the /protected/ subdirectory.
Click + to add a /protected/
static context if it doesn't exist, or click the Edit icon, it if already does.
Set the following values:
- URI:
/protected/
- Location:
protected/
- Accessible:
Yes
- Realm: Select the realm you created/edited in the previous steps.
- Authentication Name: Give it any name you like.
- Require (Authorized Users/Groups): You can leave this blank, and it will pick up any user or group defined in the password file. Or, you can specify particular user(s) to have access to this context.
- Access Allowed:
*