<short>requires authentication from clients using a username and password. It supports the basic (digest not yet) authentication method as well as plaintext, htpasswd and htdigest backends.</short>
<description>
<textile>
*IMPORTANT NOTE*: You need to put the auth actions before generating content! If a content handler is already active (like php or static or dirlist), auth will be ignored!
* Basic:
The "basic" method transfers the username and the password in cleartext over the network (base64 encoded) and might result in security problems if not used in conjunction with an encrypted communication channel between client and server.
It is recommended to use https in conjunction with basic authentication.
* Digest (not supported yet):
The "digest" method transfers only a hashed value over the network, which does a lot to harden the authentication process on insecure networks (like the internet).
The "digest" method doesn't work with the htpasswd backend, only with plaintext and htdigest.
*NOTE*: The digest method is broken in Internet Explorer < 7. Use basic instead if this is a problem for you. (not supported for now anyway)
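The ordering rule from the note at the top, shown as a configuration sketch. This is an added example, not taken from the lighttpd2 documentation; the docroot, the "/members/" prefix, the realm and the file path are assumed placeholders.

```conf
# Added example; paths, prefix and realm are placeholders.
setup {
	module_load "mod_auth";
}

docroot "/var/www";

# Ineffective ordering (kept commented out): "static" is already the active
# content handler when the auth action runs, so the auth action is ignored.
#
# if request.path =^ "/members/" {
#	static;
#	auth.plain [ "method" => "basic", "realm" => "members only", "file" => "/etc/lighttpd2/users.plain" ];
# }

# Effective ordering: the auth action comes first, content generation after it.
# "method" must be given even though only "basic" is supported;
# "ttl" is optional and shown here with its default of 10 seconds.
if request.path =^ "/members/" {
	auth.plain [
		"method" => "basic",
		"realm" => "members only",
		"file" => "/etc/lighttpd2/users.plain",
		"ttl" => 10
	];
}

# Content handler last.
static;
```

Because "basic" sends the credentials base64 encoded only, serve the protected prefix over https.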
</textile>
</description>
<action name="auth.plain">
<short>requires authentication using a plaintext file</short>
<parameter name="options">
<table>
<entry name="method">
<short>"basic" or "digest" - for now only "basic" is supported, but you still have to specify it.</short>
</entry>
<entry name="realm">
<short>the realm name to send in the "Need authentication" response to the browser; used in the hash for htdigest too.</short>
</entry>
<entry name="file">
<short>the filename of the backend data</short>
</entry>
<entry name="ttl">
<short>(optional) after how many seconds lighty reloads the password file if it got changed and is needed again (defaults to 10 seconds)</short>
You can use @auth.require_user@ from the mod_lua plugin "contrib/core.lua":http://git.lighttpd.net/lighttpd/lighttpd2.git/tree/contrib/core.lua for the REMOTE_USER check too: