Introduction

Usually, you want as many people as possible to read your pages. There are however some exceptions where you want only a select group of people to be able to acces your pages. For this purpose, HTTP user authentication was designed. This page describes how to set up HTTP user authentication for webserver types that use '.htpasswd' and '.htaccess' files, such as the CERN and Apache webservers. If you are not a EuroNet customers, it is possible that your webserver can use these files but that ot has been configured not to let you make use of this option. If you are in doubt, check with the system administrator of your website.

With User Authentication you can specify that only certain people can acces your pages, based on :


Tutorial Contents



Basic ByPassword Authentication: Step By Step

Access control for a given directory is controlled by a specific file in the directory with the name .htaccess

So let's suppose you want to restrict files of user john in a directory called turkey to username pumpkin and password pie. Here's what to do:

That's all. Now try to access a file in directory turkey -- your browser should demand a username and password, and not give you access to the file if you don't enter pumpkin and pie. If you are using a browser that doesn't handle authentication, you will not be able to access the document at all.


Sometimes, you want to give a whole group of people acces to a particular set of pages, instead of all of them. For this purpose, the .htgroup file is used. If you want to create a group of users with pumpkin,radish and almonds, and no-one else, follow these steps :

That's it. Now any user in group my-users can use his/her individual username and password to gain access to directory turkey.


Prepared Examples

Following are several examples of the range of access authorization capabilities. The examples are served from a system at EuroNet.

Simple protection by password.

This document is accessible only to user fido with password bones.

Important Note: There is no correspondence between usernames and passwords on specific Unix systems (e.g. in an /etc/passwd file) and usernames and passwords in the authentication schemes we're discussing for use in the Web. As illustrated in the examples, Web-based authentication uses similar but wholly distinct password files; a user need never have an actual account on a given Unix system in order to be validated for access to files being served from that system and protected with HTTP-based authentication.


For More Information


Arno van Wouwe / arno@euronet.nl / 10-11-95