Enable Authentication In Zimbra CBPolicyd Webui

Enable Authentication In Zimbra CBPolicyd Webui

Hello there! In this post, I’m going to write about how to enable authentication in Zimbra CBPolicyd Webui. If you use Zimbra but haven’t yet used CBPolicyd, I recommend you to see me previous post where I discussed about installation and use of CBPolicyd for managing mail related rules or restrictions in Zimbra. Until now, we don’t have any kind of authentication mechanism to protect our CBPolicyd’s web panel. So, let’s go ahead and setup an authentication method for our crucial CBPolicyd webui.

CBPolicyd Authentication Prompt
CBPolicyd Authentication Prompt

First, let’s create a .htaccess file in CBPolicyd’s home directory.

vi /opt/zimbra/cbpolicyd/share/webui/.htaccess

Inside this file, add following lines:

AuthUserFile /opt/zimbra/cbpolicyd/share/webui/.htpasswd
AuthGroupFile /dev/null
AuthName "User and Password"
AuthType Basic

require valid-user

As we can see in the first line of .htaccess file, we now need to create a .htpasswd file which will be used as authentication user file. This .htpasswd file will contain the username and password for authenticating into CBPolicyd web. So, let’s create this file as follows:

touch /opt/zimbra/cbpolicyd/share/webui/.htpasswd
/opt/zimbra/httpd/bin/htpasswd -cb /opt/zimbra/cbpolicyd/share/webui/.htpasswd <user> <password> 

Then, we need to add a directory entry for CBPolicyd in httpd.conf. The following lines should be appended to the httpd.conf file.

vi /opt/zimbra/conf/httpd.conf

Alias /webui /opt/zimbra/cbpolicyd/share/webui/
<Directory /opt/zimbra/cbpolicyd/share/webui/>
# Below are the access rules for this directory. If you dont' want to have any restrictions on this site, either delete or comment out the following lines.
AllowOverride AuthConfig
Order Deny,Allow
Allow from all

At last, let’s restart the Apache server to implement the changes made:

su - zimbra -c "zmapachectl restart"

I hope this has been helpful. Please let me know if you’ve any feedback or suggestion in the Comments Section below.