Usually, you want as many people as possible to read your pages. There are, however, some exceptions where you want only a select group of people to be able to access your pages. For this purpose, HTTP user authentication was designed. This page describes how to set up HTTP user authentication for webserver types that use '.htpasswd' and '.htaccess' files, such as the CERN and Apache webservers. If you are not a EuroNet customer, it is possible that your webserver can use these files but that it has been configured not to let you make use of this option. If you are in doubt, check with the system administrator of your website.
With User Authentication you can specify that only certain people can access your pages, based on:
Access control for a given directory is controlled by a specific file
in the directory with the name .htaccess.
So let's suppose you want to restrict files of user john in a
directory called turkey to username pumpkin and
password pie. Here's what to do:
Create a file called .htaccess in john's directory
turkey that looks like this:
AuthUserFile /home/john/.htpasswd
AuthGroupFile /dev/null
AuthName Johns page
AuthType Basic
require valid-user
AuthUserFile must be the full pathname of the password file. This path can differ per ISP, so you'll have to contact your technical support contact for it, if the above stated example doesn't work.
Also note that in this case there is no group file, so we specify
/dev/null (the standard Unix way to say "this file
doesn't exist").
Create the password file /home/john/.htpasswd. You can do this using a tool on the WWW. All you need to do is fill in a name, the password and then re-type the password. The password calculator calculates a different encrypted version every time you run it; this is not something to be alarmed about.
Using cut & paste (or by simply typing the password over) you save all the lines
in the password file, and upload that file to the server. A normal password file
that allows access to pumpkin, radish and john
would look something like this:
pumpkin:NgFQ1vnnW/tJk
radish:mWaquohh.OY3w
john:EMt8amgnyuYD2
It's crucial that you press enter after each line (the last line should be an empty one, not a line with a password entry in it) and that you upload the file as 'text' or 'ascii'. Also, keep in mind that these lines are case-sensitive; you should enter a capital as a capital and a lower-case character as a lower-case character.
That's all. Now try to access a file in directory turkey
-- your browser should demand a username and password, and not give you
access to the file if you don't enter pumpkin and
pie. If you are using a browser that doesn't handle
authentication, you will not be able to access the document at all.
Sometimes, you want to give a whole group of people access to a particular set of pages,
instead of all of them. For this purpose, the .htgroup file is used. If you
want to create a group of users with pumpkin, radish and
almonds, and no-one else, follow these steps:
Create a group file. Call it /home/john/.htgroup and have it look something
like this:
my-users: pumpkin radish almonds
... where pumpkin, radish and
almonds are the usernames.
Modify the .htaccess
file in the directory to look like this:
AuthUserFile /home/john/.htpasswd
AuthGroupFile /home/john/.htgroup
AuthName Johns page
AuthType Basic
require group my-users
Note that AuthGroupFile now points to your group file and
that group my-users (rather than individual user
pumpkin) is now required for access.
That's it. Now any user in group my-users can use
his/her individual username and password to gain access to directory
turkey.
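An added example, not part of the original page: a small Python check of the password and group files against the rules given above (a newline after the last entry, text-mode upload, case-sensitive names), plus a cross-check that every group member has a password entry. The function names are hypothetical and the sample data is copied from this page's own examples; note that almonds is in the sample group but has no line in the sample password file, so that user could not log in.

```python
import re

# Constructed sample input: the password and group files shown on this page.
HTPASSWD = b"pumpkin:NgFQ1vnnW/tJk\nradish:mWaquohh.OY3w\njohn:EMt8amgnyuYD2\n"
HTGROUP = b"my-users: pumpkin radish almonds\n"

# Traditional crypt(3) output: 2-character salt followed by 11 hash characters.
DES_CRYPT = re.compile(r"[./0-9A-Za-z]{13}")


def check_htpasswd(data):
    """Parse raw password-file bytes; return ({user: hash}, [problems])."""
    users, problems = {}, []
    if b"\r" in data:
        problems.append("carriage returns present: upload as text/ascii")
    if data and not data.endswith(b"\n"):
        problems.append("last entry is not followed by a newline")
    lines = data.decode("ascii", "replace").splitlines()
    for number, line in enumerate(lines, 1):
        if not line:
            continue
        user, sep, hashed = line.partition(":")
        if not (sep and user and hashed):
            problems.append(f"line {number}: expected user:hash")
        elif user in users:
            problems.append(f"line {number}: duplicate user {user!r}")
        else:
            users[user] = hashed
    return users, problems


def legacy_crypt_users(users):
    """Users hashed with traditional crypt(3), which reads only 8 characters."""
    return sorted(u for u, h in users.items() if DES_CRYPT.fullmatch(h))


def missing_group_members(data, users):
    """Return {group: [members with no password entry]}; case-sensitive."""
    missing = {}
    for line in data.decode("ascii", "replace").splitlines():
        group, sep, members = line.partition(":")
        if sep:
            absent = [m for m in members.split() if m not in users]
            if absent:
                missing[group.strip()] = absent
    return missing


if __name__ == "__main__":
    users, problems = check_htpasswd(HTPASSWD)
    print(problems, legacy_crypt_users(users), missing_group_members(HTGROUP, users))
```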
Important Note: There is no correspondence between
usernames and passwords on specific Unix systems (e.g. in an
/etc/passwd file) and usernames and passwords in the
authentication schemes we're discussing for use in the Web. As
illustrated in the examples, Web-based authentication uses
similar but wholly distinct password files; a user need
never have an actual account on a given Unix system in order to
be validated for access to files being served from that system
and protected with HTTP-based authentication.
Prepared Examples
Following are several examples of the range of access authorization
capabilities. The examples are served from a system at EuroNet.
fido with password
bones.
For More Information
Arno van Wouwe / arno@euronet.nl / 10-11-95