HTTPAuth: An HTTP Authentication Daemon

HTTPAuth is a daemon and framework for authenticating HTTP requests. It supports Basic and Digest authentication against various databases such as LDAP, PostgreSQL or MYSQL. It also supports NTLM authentication against a Windows Server.

Authentication takes place by a daemon called httpauthd. This allows an extra layer of security as the web host doesn't need access to passwords or secrets. HTTPAuth isn't for everyone but can be a valuable tool in building more complex authentication for websites.

Compatibility: Various web servers can talk with httpauthd. Currently modules, plugins or code for the following systems have been written:

• Apache 1.3.x
• Apache 2.x
• Java Servlets
• Jetty Web Server

Documentation

• httpauthd: The daemon man page.
• httpauthd.conf: Configuration file man page.
• mkha1: Hash tool man page.
• Example Configuration: Digest authentication against MySQL
• Example Configuration: Digest authentication against LDAP
• Example Configuration: NTLM authentication
• FreeBSD RC Script

Notes:

• Tested on Linux, FreeBSD
• ChangeLog

Downloads:

Source: httpauth-0.9.5.tar.gz
Source: httpauth-0.9.4.tar.gz
Source: httpauth-0.9.2.tar.gz
Source: httpauth-0.9.1.tar.gz
Source: httpauth-0.9.tar.gz
Source: httpauth-0.8.tar.gz
Source: httpauth-0.7.tar.gz
Source: httpauth-0.6.tar.gz
Source: httpauth-0.5.2.tar.gz
Source: httpauth-0.5.1.tar.gz
Source: httpauth-0.5.tar.gz

Development:

You can get a snapshot of the source with git:

$ git clone git://thewalter.net/httpauth.git

Source code repository:
http://thewalter.net/git/cgit.cgi/httpauth/

Licensing and Support

The daemon is licensed under the GPL license. The various plugins and code are licensed under a BSD license. Contact me when bugs are found.

   [ home page ]