Re: [leaf-user] leaf-user Digest, Vol 205, Issue 14

[Erich T. <eri...@th...>]

Hi Jeanrocco

Am 22.12.2025 um 18:14 schrieb jeanrocco jr:
> Hello Eric, Slawek & all,
> 
> On Sat, Dec 20, 2025 at 1:48 PM Erich Titl <eri...@th... 
> <mailto:eri...@th...>> wrote:
> 
>     Hi Jeanrocco
> 
>     Am 20.12.2025 um 19:07 schrieb jeanrocco jr:
>      > Hello Erich, Slawek & all
>      >
>      > On Sat, Dec 20, 2025 at 11:06 AM Erich Titl <eri...@th...
>     <mailto:eri...@th...>
>      > <mailto:eri...@th... <mailto:eri...@th...>>> wrote:
>      >
>     ...
> 
>      >
>      >
>      > Erich, right, this is exactly wrong access permission. Slawek, these
>      > logs show you are not giving Webconf the right Username and
>     Password .
>      >
>      > A normal Webconf connection would show: notice the "admin" here
>     as I'm
>      > using admin as my username ...
>      >
>      >   192.168.1.154 192.168.1.254 admin [20/Dec/2025:12:39:32 -0500]
>     "GET /
>      > pix/180px-LEAFProjectLogo-Landscape.png HTTP/1.1" 200 14458
>      > "*MailScanner warning: numerical links are often malicious:*
>      > *MailScanner warning: numerical links are often malicious:*
>     https://192.168.1.254/ <https://192.168.1.254/> <*MailScanner
>     warning: numerical links are often malicious:*
>     https://192.168.1.254/ <https://192.168.1.254/>>" "Mozilla/5.0 (X11;
>      > Linux x86_64; rv:142.0) Gecko/20100101 Firefox/142.0"
>      >
>      > When I voluntarily enter admin and a wrong password to connect to
>      > Webconf, this is what I get: notice no admin here it is replaced
>     by "-"
>      >
>      >   192.168.1.154 192.168.1.254 - [20/Dec/2025:12:43:46 -0500] "GET /
>      > HTTP/1.1" 401 347 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:142.0)
>      > Gecko/20100101 Firefox/142.0"
>      >
>      > Erich, he should be captive of the "Webconf password page" when
>     he opens
>      > up Webconf for the first time, and can get out of it only by
>     giving a
>      > username and password.
>      > So Slawek you must have given Webconf an admin and password, but
>     don't
>      > remember it ....
>      >
>      > Erich, is there a way to reinitialize Webconf to ask for a new
>     username/
>      > password, from the command lines ?
> 
>     I guess the easiest way is to overwrite .htpasswd in /var/webconf/www
>     with an empty string like:
> 
>       > /var/webconf/www/.htpasswd
> 
>     Then a new login attempt from a terminal should trigger the part in
>     .profile which wants to install new passwords. This is quite a chunk of
>     shell code which I eliminated from my .profile because I hated it.
> 
>     Another way is to use pwcrypt to create a new user:password entry for
>     .htpasswd
> 
>     gatekeeper# echo username:$(pwcrypt) > .htpasswd
>     Enter the password to encrypt: foo
> 
>     gatekeeper# cat .htpasswd
>     username:Cf6wAfwQPTnig
> 
> 
> 
> Ok I did just that but  " echo admin:$(pwcrypt) > .htpasswd " but 
> nothing happened from the browser ... on 7.5.1

There is a bug since 7.2.0. As I am running an old version of lighttpd I 
just found out. Check the file /etc/lighttpd/conf.d/auth.conf. This 
block is important, the auth.require needs to be as shown below.

auth.require               = ( "/" =>
                                (
                                  "method"  => "basic",
                                  "realm"   => "Login",
                                  "require" => "valid-user"
                                ),
                              )

You may need to restart lighttpd

cheers

ET

-- 
„Wer von seinem Tag nicht zwei Drittel für sich hat, ist ein Sklave.“
―Friedrich Nietzsche