Department of Computer ScienceFor more detailed information on this subject please see the Apache 2.2 authentication page.
With basic authentication, a web page maintainer can create a username/password combination which is required to access the contents of the given directory. The username and password are chosen by the web page maintainer; they are not related to any other system-wide usernames or passwords used to access other systems. Maintaining and distributing the credentials is the responsibility of the web page maintainer. To enable basic authentication on a web directory, perform the following steps.
# htpasswd -c /path/to/my/web/directory/passwords myuser New password: mypassword Re-type new password: mypassword Adding password for user myuser
htpasswd will prompt you for the password, and then ask you confirm it. The passwords file must be readable by the web server and cannot be inside the password protected directory. Run the htpasswd command without arguement for a short listing of the possible options and arguements.
You must create an .htaccess which contains keywords which will tell the web server to require authentication for access to that directory. This is simply a text file that can be created in any editor capable of creating plain text files. Using the password file in the example above, the simplest .htaccess file would look as follows:
AuthType Basic AuthName "Restricted Files" AuthUserFile /path/to/my/web/directory/passwords shibdisable On Require user myuser
Once these two files are created, the directory containing the .htaccess will require authentication. The htpasswd command can be used to add or modify user/password combinations at a later time.
- Create the password file if necessary and add an account
- Create and configure the .htaccess file