library

lighttpd.conf

Make sure you enable mod_access in your lighttpd.conf:

server.modules += ( "mod_access" ) 

htpasswd

#htpasswd -c ~/lighttpd/foo-auth.xt username

Running this command will prompt for this user's new password to store in the txt file. Combining this with a special $HTTP["host"] conditional ruleset in our lighttpd.conf will allow us to enable BASIC http authentication.

$HTTP["host"] =~ ".*domainroot.*" {
$HTTP["url"] =~ "^/somesubdir/" {
auth.backend = "htpasswd"
auth.backend.htpasswd.userfile = "/home/you/lighttpd/foo-auth.txt"
auth.require = ("/somesubdir" => (
"method"  => "basic",
"realm"   => "anything",
"require" => "valid-user"
))
}
}

Plain Text

If you don't have access to htpasswd or don't care if the password is not encrypted, you can simply create a plain text file with the following:

username:123

"Username" can be any user name you like and the "123" is the password.

The configuration is a little different for this form of authentication:

$HTTP["url"] =~ "^/somesubdir" {
auth.backend = "plain"
auth.backend.plain.userfile = "/home/you/lighttpd/foo-auth.txt"
auth.require = ("/somesubdir" => (
"method"  => "basic",
"realm"   => "whatever",
"require" => "valid-user"
))
} 

Once this is in place, restart your lighttpd instance and users visiting the now protected url will be prompted with something like this: