Setting up user authentication takes two steps. First, you create a file containing the usernames and passwords. Second, you tell the server which resources are to be protected and which users are allowed (after entering a valid password) to access them.

The user database is a file containing username and password pairs, one per line, separated by a colon (:). For security reasons you DO NOT want to place this file in your Document Root, where the server could serve it to anyone who requests it. You cannot simply create this file with a text editor, because the passwords are stored in encrypted (hashed) form rather than as plain text; you must use the tool htpasswd (this is included in SWS). Say, for example, that you wanted to create a file called users to be your authentication file.
The following command would create this file with the user "dudley" as the first user entry in the file:
htpasswd -c /path/to/users dudley
The -c in the command tells htpasswd to create the new file "users". When you run the command you will be prompted to enter a password for dudley. The same command is used without the -c to add additional users to the file. Use -c only the first time: running it again against an existing file overwrites that file and discards the users already in it.
After this is done the server must be configured to use this file to control access to whatever it is you want to protect. This is typically done on a per-directory basis, with a directory and everything beneath it being protected. This is done with directives in httpd.conf or, alternatively, with a .htaccess file placed in the directory concerned.
To restrict a directory to any user listed in the users file just created, you should create a .htaccess file containing:
AuthName "restricted stuff"
AuthType Basic
AuthUserFile /usr/local/etc/httpd/users
require valid-user
The directive AuthName creates what is known as a realm for the protection you're creating. Once a user has entered a valid username and password, any other resources within the same realm name can be accessed with the same username and password. The realm name can therefore be used to make two separate areas share one set of credentials.
The AuthType directive tells the server which authentication scheme is to be used; here it is HTTP Basic authentication.
AuthUserFile tells the server the location of the user file created by htpasswd. A similar directive, AuthGroupFile, can be used to tell the server the location of a groups file (see below).
An additional directive which may be used is "require user", which restricts a particular area to the users named in that directive, drawn from the same users file. Another user whose username and password pair is in the users file would not be allowed into an area unless explicitly named in that area's require directive. In this way a single users file can control access to multiple areas.
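The following Python script is an added example, not part of the original article or of SWS, that models the pieces described above: the users file that htpasswd writes, a groups file for AuthGroupFile, and the .htaccess directives, together with the access decision the server makes for "require valid-user", "require user" and "require group". It assumes the {SHA} password scheme (what htpasswd writes with its -s option: base64 of the SHA-1 of the password); other schemes htpasswd can write (crypt, MD5, bcrypt with -B, which is the one to prefer on a current server) would need their own verifier and are rejected rather than accepted. The sample users, passwords, groups file and the AuthGroupFile/require lines are constructed for the example; the four original directives and the /usr/local/etc/httpd/users path are taken from the article.

```python
import base64
import hashlib
import hmac
import os


def sha_entry(username, password):
    """One users-file line in the {SHA} scheme written by `htpasswd -s`."""
    digest = hashlib.sha1(password.encode()).digest()
    return f"{username}:{{SHA}}{base64.b64encode(digest).decode()}"


# Constructed sample users file (hashes computed by sha_entry, not copied
# from any real server). Note the password field is a hash, not the password.
USERS_FILE = "\n".join([sha_entry("dudley", "correct horse"),
                        sha_entry("alice", "s3cret")]) + "\n"

# Constructed groups file: "groupname: member member ..." per line.
GROUPS_FILE = "staff: dudley alice\nadmins: dudley\n"

# The article's .htaccess, extended (assumption) with AuthGroupFile and a
# "require user" rule instead of "require valid-user".
HTACCESS = """\
AuthName "restricted stuff"
AuthType Basic
AuthUserFile /usr/local/etc/httpd/users
AuthGroupFile /usr/local/etc/httpd/groups
require user dudley
"""


def _lines(text):
    """Non-empty, non-comment lines with surrounding whitespace removed."""
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            yield line


def parse_users(text):
    """Map username -> stored password hash from an htpasswd-style file."""
    users = {}
    for line in _lines(text):
        name, _, stored = line.partition(":")
        users[name] = stored
    return users


def parse_groups(text):
    """Map group name -> set of member usernames from an AuthGroupFile."""
    groups = {}
    for line in _lines(text):
        name, _, members = line.partition(":")
        groups[name.strip()] = set(members.split())
    return groups


def parse_htaccess(text):
    """Map lower-cased directive name -> value (surrounding quotes dropped).
    Simplification: one directive of each name, so a single require line."""
    conf = {}
    for line in _lines(text):
        key, _, value = line.partition(" ")
        conf[key.lower()] = value.strip().strip('"')
    return conf


def check_password(stored, password):
    """Verify a password against a {SHA} entry; other schemes are refused."""
    if not stored.startswith("{SHA}"):
        raise ValueError("only the {SHA} scheme is modelled in this example")
    expected = base64.b64encode(hashlib.sha1(password.encode()).digest()).decode()
    # Constant-time comparison so timing does not reveal how much matched.
    return hmac.compare_digest(stored[len("{SHA}"):], expected)


def authorize(conf, users, groups, username, password):
    """True only if the credentials authenticate against AuthUserFile AND
    satisfy the require rule (valid-user, user ..., or group ...)."""
    if conf.get("authtype", "").lower() != "basic":
        raise ValueError("only AuthType Basic is modelled in this example")
    stored = users.get(username)
    if stored is None or not check_password(stored, password):
        return False  # unknown user or wrong password: authentication fails
    rule = conf.get("require", "").split()
    if not rule:
        return False  # no require directive: nobody is let in
    kind, names = rule[0], rule[1:]
    if kind == "valid-user":
        return True
    if kind == "user":
        return username in names
    if kind == "group":
        return any(username in groups.get(g, set()) for g in names)
    return False  # unrecognised require form: fail closed


def is_outside_document_root(document_root, users_path):
    """True if the users file is not at or below DocumentRoot (both absolute)."""
    root = os.path.normpath(document_root)
    return os.path.commonpath([root, os.path.normpath(users_path)]) != root


if __name__ == "__main__":
    users, groups = parse_users(USERS_FILE), parse_groups(GROUPS_FILE)
    conf = parse_htaccess(HTACCESS)
    print(USERS_FILE)
    print("dudley:", authorize(conf, users, groups, "dudley", "correct horse"))
    print("alice: ", authorize(conf, users, groups, "alice", "s3cret"))
```

Running the script prints the users file (showing why a text editor is the wrong tool: the second field is a hash) and then the two decisions for the "require user dudley" rule: dudley is admitted and alice, although her entry is valid, is refused. Swapping the rule for "require group staff" admits both, since the group file lists them both. The is_outside_document_root check is the one to run before pointing AuthUserFile at a path, so the users file never ends up somewhere the server will hand out.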
A more detailed explanation is available in Apache Week's article on [1] Using User Authentication.