Directives
| Syntax: | auth_basic |
|---|---|
| Default: | auth_basic off; |
| Context: | http, server, location, limit_except |
Enables validation of user name and password using the “HTTP Basic Authentication” protocol. The specified parameter is used as a realm. Parameter value can contain variables (1.3.10, 1.2.7). The special value off allows cancelling the effect of the auth_basic directive inherited from the previous configuration level.
| Syntax: | auth_basic_user_file |
|---|---|
| Default: | — |
| Context: | http, server, location, limit_except |
Specifies a file that keeps user names and passwords, in the following format:
# comment name1:password1 name2:password2:comment name3:password3
The file name can contain variables.
The following password types are supported: 密码支持的加密方式
- encrypted with the
crypt()function; can be generated using the “htpasswd” utility from the Apache HTTP Server distribution or the “openssl passwd” command;
htppasswd安装查询:rpm -qf /usr/bin/htpasswd
yum安装 : yum install httpd-tools
创建用户名及密码文件:
eg: htpasswd -c ./path/filename keyname 回车后输入密码就可以
- hashed with the Apache variant of the MD5-based password algorithm (apr1); can be generated with the same tools;
- specified by the “
{scheme}data” syntax (1.0.3+) as described in RFC 2307; currently implemented schemes includePLAIN(an example one, should not be used),SHA(1.3.13) (plain SHA-1 hashing, should not be used) andSSHA(salted SHA-1 hashing, used by some software packages, notably OpenLDAP and Dovecot).Support for
SHAscheme was added only to aid in migration from other web servers. It should not be used for new passwords, since unsalted SHA-1 hashing that it employs is vulnerable to rainbow table attacks.
nginx -t -c
nginx -s reload
局限性:
需要提前设置密码文件 、管理麻烦效率低下
解决方案:
1. 通过lua文件实现
2. nginx和LDAP打通,利用nginx_auth_ladap实现
1170
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
