aboutsummaryrefslogtreecommitdiffstats

htmpasswd

htmpasswd is a script to help create temporary users in files made with htpasswd.

This script assumes your htpasswd-files are stored in /etc/nginx/htpasswd (you can change this with the variable $HTDIR). It also needs access to /var/spool/htmpasswd, where the temporary users are stored until they expore.

htmpasswd takes two arguments. $1 is the name of the password-file, and $2 is the name of the temporary user. $2 is optional. The script returns a temprary username and password separated by a colon.

Example: $ sudo htmlpasswd f.dnns.no woeomu:aadscv This would now be valid at https://woeomu:aadscv@f.dnns.no.

Installation

$ sudo git clone https://git.dnns.no/htmpasswd.git /usr/local/src/htmpasswd
$ sudo ln -s /usr/local/src/htmpasswd/htmpasswd /etc/cron.hourly/htmpasswd-cron
$ sudo ln -s /usr/local/src/htmpasswd/htmpasswd /usr/local/sbin/

Config

If you want to change the default configuration, check the script to see which variables are used, and change them in /etc/default/htmpasswd, which will be sourced if it exists.

Working example

First, install the script as described above.

Then, install your preferred webserver (I use nginx), and set up a vhost to use basic auth. My example vhost - /etc/nginx/sites-enabled/wiki.dnns.no: ``` server { listen 443 ssl http2; listen [::]:443 ssl http2; server_name wiki.dnns.no;

ssl_certificate /etc/letsencrypt/live/wiki.dnns.no/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/wiki.dnns.no/privkey.pem;

# ACL
auth_basic "wiki.dnns.no";
auth_basic_user_file /etc/nginx/htpasswd/wiki;

root /var/www/wiki.dnns.no;

} Then create a folder for your passwordfiles. I use `/etc/nginx/htpasswd/`. Now create your user (alternatively you could just `touch` an empty file, but in my working example I want a working permanent user). $ htpasswd testuser /etc/nginx/htpasswd/wiki New password: Re-type new password: Adding password for user /etc/nginx/htpasswd/wiki Now I should be able to create a temporary user using `htmpasswd`. root@thale ~ # htmpasswd wiki Adding password for user rckgck rckgck:fksd4i ``` This temporary user and password should now be valid for https://wiki.dnns.no for 24h hours (the default).

cron

In order to automagically remove the temporary users after a set amount of time, the script also needs to be invoked regularly by cron. When run by cron, it takes no arguments.

For the script to recognize it’s being run by cron, you either need to set the environmental variable $RUN_BY_CRON to true, or you can name the script htmpasswd-cron as the script will recognize the -cron-suffix.

generated by cgit, for Dennis Eriksen