The method is simple. Direct the web server to a password database file which contains lines in the form of: "username:encrypted_password". This method provides no way of "expiring" accounts nor any other complicated authentication procedures. Such methods would be up to the reader of this documentation to develop.
First, it is necessary to create a file in the protected directory called ".htaccess". This contents of this file should look something like this:
AuthUserFile /put/the/path/to/the/password/file/here AuthGroupFile /dev/null AuthName Put_Your_Resource_Name_Here AuthType Basic <Limit GET> require valid-user </Limit>
| AuthUserFile | The argument is the path name of the password database file to use. For instance: /usr/users/myname/html/.mypasswords |
| AuthGroupFile | Not explained in the document. Use "/dev/null". |
| AuthName | The name of this resource. For example: Top Secret Web Site |
| AuthType | Use as given. |
Here is an example .htaccess file:
AuthUserFile /usr/users/myname/html/prot/.htpasswd AuthGroupFile /dev/null AuthName My Secret Little Place AuthType Basic <Limit GET> require valid-user </Limit>Now, there must be a password file. There is a simple utility to maintain a password file. This program is called "htpasswd", and can be run from a shell.
Railfan.net Webmasters Please
Check HERE for how to create the the password file online without a shell account.
The syntax is as follows:
htpasswd <file> <username> [password]
htpasswd -c <file> <username> [password]
htpasswd -d <file> <username>
In the above lines, <file> is the name of the password file.
<username> is the name of the user to be added to or modified in the
database. [password] is the password to be encrypted in the database file.
If the password is not given on the command line, the person who runs this
program is prompted for the password.
If the -c option is used, the password file is created from scratch. This means that if this <file> exists, the contents are lost.
If the -d option is used, the <username> in the database is deleted.
If no - option is specified, then <username> is added to the database.
Here are a few examples:
htpasswd -c /usr/users/myname/html/prot/.htpasswd fakeuser testpass
htpasswd /usr/users/myname/html/prot/.htpasswd testuser
htpasswd -d /usr/users/myname/html/prot/.htpasswd fakeuser
The first line creates the file, "/usr/users/myname/html/prot/.htpasswd",
then adds the user "fakeuser" with the password "testpass". The second
example adds the user "testuser" to the same file, then prompts for a
password to be used. The third example deletes "fakeuser" from the
password file.
We have a page which uses the "htpasswd" utility. Direct your browser to
"http://www.bluemoon.net/addpw.html". For security reasons, you must input
your username and password in order to use htpasswd.
We have also developed a page to generate the ".htaccess" file when given
a directory to protect, a resource name, and the path of the password
database. This page can be found at "http://www.bluemoon.net/prot.html".
All paths inputted to the programs are referenced just like in an FTP to
your domain web space. (For example, the path to your domain's main page
would be /home.html or /index.html)
Send Email to Webmaster
Be sure to replace " AT " with @ in your mailer
© 1998 - 2006 Blue Moon Internet Corp.
Unauthorized Use Prohibited