Date: Tue, 26 Mar 1996 09:49:50 -0800 (PST) From: Bryan Ogawa at Work <bogawa@netvoyage.net> To: Ben Ives <ivesbf@WebbWorld.com> Cc: questions@freebsd.org Subject: Re: password protection Message-ID: <Pine.NEB.3.92.960326093353.4132A-100000@digital.netvoyage.net> In-Reply-To: <2.2.32.19960326034822.006a2670@webbworld.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, 25 Mar 1996, Ben Ives wrote: > How can I password protect documents on the web? I have heard of a file > called .htpasswd that has something to do with it. There are a number of things involved, which are potentially complex and occassionally confusing. I'm presuming you're using Apache or NCSA here (actually, NCSA, but I think Apache's similar). This is a cookbook only, and presumes tons about your httpd setup. If you're configuring your httpd, you'll need to look at the manuals: Apache: <URL: http://www.apache.org/>; NCSA: <URL: http://hoohoo.ncsa.uiuc.edu/>; Essentially, you have to do two things: 1. Tell the httpd you want to use a password file, and where the password file will be. 2. Tell the httpd the username and passwords. To do 1, use a file called .htaccess in the directory you want password-protected. Here's a simple example: ---- cut here ---- AuthName NetVoyage Employees AuthType Basic AuthUserFile /usr/users/bogawa/www/manual/.htpasswd <Limit GET> require user bryan </Limit> ---- cut here ---- This file will prompt for the password for "NetVoyage Employees" (the exact syntax and appearance is browser-dependent). This will look in the file /usr/users/bogawa/www/manual/.htpasswd for the passwords. It will only accept requests from user bryan with a valid password. A password file looks like this: -------- cut here--password file ----------- bryan:$1$qP$mVYGkbck6MwwFdPKMmxAC. guest:$1$rt$pfewA0e.af7QzxVL59D/p/ -------- cut here ----------- So, the passwords are encrypted (with FreeBSD's MD5 crypt or another MD5 password encryption method, if I'm not mistaken). The password files are most easily handled with a program htpasswd which comes with NCSA and Apache. Invocation of htpasswd is: htpasswd [-c] filename username it adds the user named username to the htpasswd file named filename. The -c flag creates the file, without that flag it will modify or add the user as appropriate. There are a number of more advanced options (such as groups and global configuration file options), but this is designed as a simple cookbook example for someone to play with to get running. bryan Bryan K. Ogawa Questions or Problems with NetVoyage? help@netvoyage.net Check out the NetVoyage HelpWeb at.. <URL: http://www.netvoyage.net/~help/>;
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.NEB.3.92.960326093353.4132A-100000>