
merged [373]

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.3.x@374 152afb58-edef-0310-8abb-c4023f1b3aa9
svn/tags/lighttpd-1.3.14
Jan Kneschke 17 years ago
parent
commit
4d33902639
  1. 16
      doc/Makefile.am
  2. 28
      doc/authentication.txt
  3. 2
      doc/lighttpd.conf
  4. 4
      doc/secdownload.txt
  5. 24
      tests/mod-auth.t
  6. 6
      tests/mod-fastcgi.t

16
doc/Makefile.am

@ -2,7 +2,7 @@ dist_man1_MANS=lighttpd.1 spawn-fcgi.1
DOCS=accesslog.txt \
authentification.txt \
authentication.txt \
cgi.txt \
compress.txt \
configuration.txt \
@ -31,7 +31,7 @@ setenv.txt \
status.txt
HTMLDOCS=accesslog.html \
authentification.html \
authentication.html \
cgi.html \
compress.html \
configuration.html \
@ -61,8 +61,8 @@ HTMLDOCS=accesslog.html \
EXTRA_DIST=lighttpd.conf lighttpd.user \
rc.lighttpd rc.lighttpd.redhat sysconfig.lighttpd \
state.ps.gz rrdtool-graph.sh \
state.dot fastcgi-state.dot fastcgi-state.ps.gz \
rrdtool-graph.sh \
state.dot fastcgi-state.dot \
spawn-php.sh \
newstyle.css \
oldstyle.css \
@ -74,11 +74,11 @@ EXTRA_DIST=lighttpd.conf lighttpd.user \
html: $(HTMLDOCS)
%.ps.gz: %.ps
gzip $^
#%.ps.gz: %.ps
# gzip $^
%.ps: %.dot
dot -Tps -o $@ $^
#%.ps: %.dot
# dot -Tps -o $@ $^
clean-local:
rm -f *.html

28
doc/authentification.txt → doc/authentication.txt

@ -7,14 +7,14 @@ Module: mod_auth
----------------
:Author: Jan Kneschke
:Date: $Date: 2004/11/03 22:26:05 $
:Revision: $Revision: 1.3 $
:Date: $Date$
:Revision: $Revision$
:abstract:
The auth module provides ...
.. meta::
:keywords: lighttpd, authentification
:keywords: lighttpd, authentication
.. contents:: Table of Contents
@ -24,7 +24,7 @@ Description
Supported Methods
-----------------
lighttpd supportes both authentification method described by
lighttpd supportes both authentication method described by
RFC 2617:
basic
@ -39,14 +39,14 @@ digest
``````
The Digest method only transfers a hashed value over the
network which is performes a lot of work to harden the
authentification process in insecure networks.
network which performs a lot of work to harden the
authentication process in insecure networks.
Backends
--------
Depending on the method lighttpd provides various way to store
the credentials used for the authentification.
the credentials used for the authentication.
for basic auth:
@ -112,7 +112,7 @@ Using md5sum can also generate the password-hash: ::
ldap
````
the ldap backend is basicly performing the following steps
the ldap backend is basically performing the following steps
to authenticate a user
1. connect anonymously (at plugin init)
@ -120,7 +120,7 @@ to authenticate a user
3. auth against ldap server
4. disconnect
if step 4 is performs without any error the user is
if all 4 steps are performed without any error the user is
authenticated
Configuration
@ -152,6 +152,10 @@ Configuration
auth.backend.ldap.hostname = "localhost"
auth.backend.ldap.base-dn = "dc=my-domain,dc=com"
auth.backend.ldap.filter = "(uid=$)"
# if enabled, startTLS needs a valid (base64-encoded) CA
# certificate
auth.backend.ldap.starttls = "enable"
auth.backend.ldap.cafile = "/etc/CAcertificate.pem"
## restrictions
# set restrictions:
@ -162,7 +166,7 @@ Configuration
# "require" => "user=<username>" )
# )
#
# <realm> is a string that is should be display in the dialog
# <realm> is a string to display in the dialog
# presented to the user and is also used for the
# digest-algorithm and has to match the realm in the
# htdigest file (if used)
@ -182,10 +186,10 @@ Configuration
)
)
Limitiations
Limitations
============
- The implementation of digest method is currently not
completely conforming to the standard as it is still allowing
completely compliant with the standard as it still allows
a replay attack.

2
doc/lighttpd.conf

@ -213,7 +213,7 @@ url.access-deny = ( "~", ".inc" )
#status.config-url = "/server-config"
#### auth module
## read authentification.txt for more info
## read authentication.txt for more info
#auth.backend = "plain"
#auth.backend.plain.userfile = "lighttpd.user"
#auth.backend.plain.groupfile = "lighttpd.group"

4
doc/secdownload.txt

@ -34,7 +34,7 @@ Description
there are multiple way to handle secured download mechanisms:
1. use the webserver and the internal HTTP-authentification
1. use the webserver and the internal HTTP-authentication
2. use the application to authenticate and send the file
through the application
@ -44,7 +44,7 @@ webserver:
- ``+`` fast download
- ``+`` no additional system load
- ``-`` unflexible authentification handling
- ``-`` unflexible authentication handling
application:

24
tests/mod-auth.t

@ -2,7 +2,7 @@
use strict;
use IO::Socket;
use Test::More tests => 5;
use Test::More tests => 7;
my $basedir = (defined $ENV{'top_builddir'} ? $ENV{'top_builddir'} : '..');
my $srcdir = (defined $ENV{'srcdir'} ? $ENV{'srcdir'} : '.');
@ -211,5 +211,27 @@ EOF
@response = ( { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 200 } );
ok(handle_http == 0, 'Basic-Auth: Valid Auth-token');
@request = ( <<EOF
GET /server-config HTTP/1.0
User-Agent: Wget/1.9.1
Authorization: Digest username="beta", realm="Beta", nonce="9a5428ccc05b086a08d918e73b01fc6f",
uri="/server-config", response="ea5f7d9a30b8b762f9610ccb87dea74f"
EOF
);
@response = ( { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 200 } );
ok(handle_http == 0, 'Digest-Auth: missing qop');
@request = ( <<EOF
GET /server-config HTTP/1.0
User-Agent: Wget/1.9.1
Authorization: Digest username="beta", realm="Beta", nonce="9a5428ccc05b086a08d918e73b01fc6f",
uri="/server-config", response="ea5f7d9a30b8b762f9610ccb87dea74e"
EOF
);
@response = ( { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 200 } );
ok(handle_http == 0, 'Digest-Auth: broken password');
ok(stop_proc == 0, "Stopping lighttpd");
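Review bot: The added 'Digest-Auth: broken password' case expects `'HTTP-Status' => 200`, the same as the 'Digest-Auth: missing qop' case before it, although the two requests differ only in the last hex digit of `response=` (`...74f` versus `...74e`) with the same username, realm, nonce and uri. Both digests cannot be valid for that input, so as written the test can only pass if the server accepts a wrong digest, which would pin an authentication bypass as expected behaviour. If the second request is meant to be rejected, the expectation should read `@response = ( { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 401 } );`. Which of the two values is the correct digest for user beta cannot be confirmed from the hunk, so a one-line comment above each request naming the valid and the deliberately corrupted response would make the intent checkable.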

6
tests/mod-fastcgi.t

@ -349,7 +349,7 @@ EOF
}
SKIP: {
skip "no fcgi-auth found", 4 unless -x $basedir."/tests/fcgi-auth";
skip "no fcgi-auth found", 4 unless -x $basedir."/tests/fcgi-auth.exe";
$configfile = 'fastcgi-auth.conf';
ok(start_proc == 0, "Starting lighttpd with $configfile") or die();
@ -373,7 +373,7 @@ EOF
}
SKIP: {
skip "no fcgi-auth found", 3 unless -x "/home/weigon/Documents/php-4.3.10/sapi/cgi/php";
skip "no php found", 3 unless -x "/home/weigon/Documents/php-4.3.10/sapi/cgi/php";
$configfile = 'fastcgi-13.conf';
ok(start_proc == 0, "Starting lighttpd with $configfile") or die();
@request = ( <<EOF
@ -389,7 +389,7 @@ EOF
SKIP: {
skip "no fcgi-auth found", 9 unless -x $basedir."/tests/fcgi-responder";
skip "no fcgi-responder found", 9 unless -x $basedir."/tests/fcgi-responder.exe";
$configfile = 'fastcgi-responder.conf';
ok(start_proc == 0, "Starting lighttpd with $configfile") or die();
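Review bot: The skip guards for fcgi-auth and fcgi-responder now test only the `.exe` name, so on a build where the helper binaries carry no suffix these SKIP blocks are bypassed silently and the FastCGI authorizer and responder tests stop running without any failure being reported. The suffix presumably depends on the build platform; accepting either name keeps the coverage, for example `skip "no fcgi-auth found", 4 unless -x "$basedir/tests/fcgi-auth" || -x "$basedir/tests/fcgi-auth.exe";`, and likewise for fcgi-responder. The php guard still tests an absolute path under `/home/weigon/`, so that block is skipped wherever that path does not exist; the commit corrects only its message. All three SKIP blocks continue outside the visible hunks.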
