From owner-freebsd-questions Tue Mar 26 09:50:07 1996 Return-Path: owner-questions Received: (from root@localhost) by freefall.freebsd.org (8.7.3/8.7.3) id JAA03116 for questions-outgoing; Tue, 26 Mar 1996 09:50:07 -0800 (PST) Received: from digital.netvoyage.net (root@digital.netvoyage.net [205.162.154.10]) by freefall.freebsd.org (8.7.3/8.7.3) with SMTP id JAA03111 for ; Tue, 26 Mar 1996 09:50:04 -0800 (PST) Received: from localhost (bogawa@localhost) by digital.netvoyage.net (8.6.13/8.6.9) with SMTP id JAA09881; Tue, 26 Mar 1996 09:49:51 -0800 Date: Tue, 26 Mar 1996 09:49:50 -0800 (PST) From: Bryan Ogawa at Work To: Ben Ives cc: questions@freebsd.org Subject: Re: password protection In-Reply-To: <2.2.32.19960326034822.006a2670@webbworld.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-questions@freebsd.org X-Loop: FreeBSD.org Precedence: bulk On Mon, 25 Mar 1996, Ben Ives wrote: > How can I password protect documents on the web? I have heard of a file > called .htpasswd that has something to do with it. There are a number of things involved, which are potentially complex and occassionally confusing. I'm presuming you're using Apache or NCSA here (actually, NCSA, but I think Apache's similar). This is a cookbook only, and presumes tons about your httpd setup. If you're configuring your httpd, you'll need to look at the manuals: Apache: NCSA: Essentially, you have to do two things: 1. Tell the httpd you want to use a password file, and where the password file will be. 2. Tell the httpd the username and passwords. To do 1, use a file called .htaccess in the directory you want password-protected. Here's a simple example: ---- cut here ---- AuthName NetVoyage Employees AuthType Basic AuthUserFile /usr/users/bogawa/www/manual/.htpasswd require user bryan ---- cut here ---- This file will prompt for the password for "NetVoyage Employees" (the exact syntax and appearance is browser-dependent). This will look in the file /usr/users/bogawa/www/manual/.htpasswd for the passwords. It will only accept requests from user bryan with a valid password. A password file looks like this: -------- cut here--password file ----------- bryan:$1$qP$mVYGkbck6MwwFdPKMmxAC. guest:$1$rt$pfewA0e.af7QzxVL59D/p/ -------- cut here ----------- So, the passwords are encrypted (with FreeBSD's MD5 crypt or another MD5 password encryption method, if I'm not mistaken). The password files are most easily handled with a program htpasswd which comes with NCSA and Apache. Invocation of htpasswd is: htpasswd [-c] filename username it adds the user named username to the htpasswd file named filename. The -c flag creates the file, without that flag it will modify or add the user as appropriate. There are a number of more advanced options (such as groups and global configuration file options), but this is designed as a simple cookbook example for someone to play with to get running. bryan Bryan K. Ogawa Questions or Problems with NetVoyage? help@netvoyage.net Check out the NetVoyage HelpWeb at..