diff --git a/camlistored/camlistored.go b/camlistored/camlistored.go
index d77890fd3..abbf8240d 100644
--- a/camlistored/camlistored.go
+++ b/camlistored/camlistored.go
@@ -18,7 +18,7 @@ import "regexp"
 var listen *string = flag.String("listen", "0.0.0.0:3179", "host:port to listen on")
 var storageRoot *string = flag.String("root", "/tmp/camliroot", "Root directory to store files")
 
-var sharedSecret string
+var putPassword string
 
 var kGetPutPattern *regexp.Regexp = regexp.MustCompile(`^/camli/(sha1)-([a-f0-9]+)$`)
 var kBasicAuthPattern *regexp.Regexp = regexp.MustCompile(`^Basic ([a-zA-Z0-9\+/=]+)`)
@@ -88,9 +88,18 @@ func putAllowed(req *http.Request) bool {
 	}
 	var outBuf []byte = make([]byte, base64.StdEncoding.DecodedLen(len(matches[1])))
 	bytes, err := base64.StdEncoding.Decode(outBuf, []uint8(matches[1]))
+	if err != nil {
+		return false
+	}
+	password := string(outBuf)
 	fmt.Println("Decoded bytes:", bytes, " error: ", err)
-	fmt.Println("Got userPass:", string(outBuf))
-	return false
+	fmt.Println("Got userPass:", password)
+	return password != "" && password == putPassword;
+}
+
+func getAllowed(req *http.Request) bool {
+	// For now...
+	return putAllowed(req)
 }
 
 func handleCamli(conn *http.Conn, req *http.Request) {
@@ -108,6 +117,13 @@ func handleCamli(conn *http.Conn, req *http.Request) {
 }
 
 func handleGet(conn *http.Conn, req *http.Request) {
+	if !getAllowed(req) {
+		conn.SetHeader("WWW-Authenticate", "Basic realm=\"camlistored\"")
+		conn.WriteHeader(http.StatusUnauthorized)
+		fmt.Fprintf(conn, "Authentication required.")
+		return
+	}
+
 	objRef := ParsePath(req.URL.Path)
 	if objRef == nil {
 		badRequestError(conn, "Malformed GET URL.")
@@ -239,8 +255,8 @@ This is camlistored, a Camlistore storage daemon.
 func main() {
 	flag.Parse()
 
-	sharedSecret = os.Getenv("CAMLI_PASSWORD")
-	if len(sharedSecret) == 0 {
+	putPassword = os.Getenv("CAMLI_PASSWORD")
+	if len(putPassword) == 0 {
 		fmt.Fprintf(os.Stderr,
 			"No CAMLI_PASSWORD environment variable set.\n")
 		os.Exit(1)