Password Tutorial
If you would like to have a set of web pages that are protected, requiring a username/password to gain access, this tutorial will show you how to set it up. This is geared towards the Unix Apache httpd servers.
Steps to Password-protect
a Directory
First, create a subdirectory in your web area. For the sake of this tutorial,
I have created the "protect" directory. Set the permissions on the
directory so that the server has read/execute.
Next you must create a .htaccess file inside the directory you want protected. You can use either the vi or pico editors on the supported systems mentioned above or ftp the file to this directory. If you are new to unix or know little about vi then I suggest you use the pico editor or ftp the .htaccess file. The command to edit with pico is "pico .htaccess". The .htaccess file should contain the following lines. The items in bold are things you will want to change depending on the location of the AuthUserFile and content of AuthName.
AuthUserFile /z/ianxxi/secret/.htpasswd
AuthGroupFile /dev/null
AuthName "IANXXI's protected files"
AuthType Basic
<Limit GET>
require valid-user
</Limit>
The AuthName is
what the user will see when they're prompted for a password - something to the
effect of "Enter the username for IANXXI's Protected files". The AuthUserFile
is location of the password file and should be not accessible with a url on
the server for security reasons. This is a full unix path and the permissions
should be set up like the "protect" directory using the chmod and
chgrp-www commands above so the only one that can read this file is the owner
and the server. To get the full path of a directory, cd to that directory and
enter the command "pwd" to print the working directory path.
Now you'll have to set up the password file. You'll need to use the htpasswd
program. It is included with the Apache httpd server.
First cd to the directory that contains the password file. In this example the password file is called .htpasswd and is in the directory /z/ianxxi/secret/ as indicated by the AuthUserFile file entry in the .htaccess file. For every username you want to add to the password file, enter the following. (the -c is only required the first time; it indicates that you want to create the .htpasswd file).
cd
mkdir secret
cd secret
htpasswd -c .htpasswd pumpkin
[ you're prompted for the password for pumpkin]
[ if you have other users enter the following. Don't use the -c]
htpasswd .htpasswd user2
htpasswd .htpasswd user3
Again, make sure the permissions are set up like the "protect" directory using the chmod and chgrp-www commands above so the only one that can read files in the "secret" directory is the owner and the server.