Cherokee Web Server: Authentication

Authentication

The authentication provides a mechanism to restrict the access of some resources as directories, extensions or predefined requests. The authentication modules receive the name of Validators, and each one of them implements a different authentication mechanism. The scope of a validator is local to a directory, extension definition or request entry, inside of an Auth clause.

There are two kinds of authentications:

Basic authentication: This method sends the user and password pair clear over the network, so it isn't a very safe method. It could represent a security problem is the connection isn't encrypted (HTTPS connection are completely safe though). This method is very easy to implement, so most of the programs supports it.

Digest authentication: It is by far much more secure, but it is also more complex. If the clients of the server are modern browsers they won't have any problem to use this authentication method: More information

Cherokee distributes a number of validators: htpasswd, htdigest, PAM, and a Plain text file validator. Some of these validators are only suitable for certain authentication methods:

	HTTP Basic	HTTP Digest
Plain	yes	yes
htpasswd	yes	no
htdigest	yes	yes
PAM	yes	no

User restriction

One of the common features for all the validator is the user basedrestrictions. Basically, it is possible to specify a list of users who are allowed to authenticate with the validator.

Example

The only users allowed to access to the directory /secret are alo and root, it doesn't matter is the systems has a hundred users.

Directory /secret {
    Auth Basic, Digest {
        Method pam
        User alo, root
    }
}