Authentication Through Realms

You are here:
< Back

User Authentication by Site or Subdirectory

Authentication is the process of confirming a user’s identity, and it provides a way to ensure that only legitimate users create content on your site. Authentication is set up through OpenLiteSpeed’s WebAdmin Console and may be applied to the whole site ("/"), or only a subdirectory (/protected/, for example).

OLS WebAdmin runs as lsadm:lsadm. It doesn’t have permission to access your $VH_ROOT. The recommended realm password file location is at $SERVER_ROOT/conf/vhosts/$VH_NAME/htpasswd, and realm group file location is at $SERVER_ROOT/conf/vhosts/$VH_NAME/htgroup.

You may wish to manually create the htpasswd file through the command line via the htpasswd command, but you will need to make sure that the file is readable by lsadm and the user that runs the web server, usually nobody. Without read access, it may not work.

Add or Edit Authorization Realms Database

If you don’t have an Authorization Realms database, you need to create one. Within OLS WebAdmin, navigate to Virtual Host Configuration > Security > Realm List. Click + to add a new one, or click the Edit icon to edit an existing one.

Set User DB Location to $SERVER_ROOT/conf/vhosts/$VH_NAME/htpasswd and Group DB Location to $SERVER_ROOT/conf/vhosts/$VH_NAME/htgroup. If either of the files don’t exist, you will need to click CLICK TO CREATE.

You should see

/usr/local/lsws/conf/vhosts/Example/htpasswd has been created successfully.

and

/usr/local/lsws/conf/vhosts/Example/htgroup has been created successfully.

if all goes well.

Click the Save button.

Create an Authorized User

Hover over User DB Location and click the file path.

This will bring you to the user and password setup screen, where you can click + to add a user and password.

Set User Name as desired. In this example, we used test. Set New Password to whatever you wish (again, we used test), and verify the password in the Retype Password field.

Add Access Required by Context

Depending on whether you want to apply the authentication to the whole site or to just a subdirectory, you will either edit/create the / context or edit/create a subdirectory context (for example, a /protected/ context for the site’s protected subdirectory).

In the following example, we will show you how to apply the authentication realm to the /protected/ subdirectory.

Click + to add a /protected/ static context if it doesn’t exist, or click the Edit icon, it if already does.

Set the following values:
URI: /protected/
Location: protected/
Accessible: Yes
Realm: Select the realm you created/edited in the previous steps.
Authentication Name:  Give it any name you like.
Require (Authorized Users/Groups): You can leave this blank, and it will pick up any user or group defined in the password file. Or, you can specify particular user(s) to have access to this context.
Access Allowed *