HTTP Basic Authorization on Gemini
Basic authorization is used to restrict access to Web documents or CGI scripts by user name and password.The .htaccess File
The .htaccess file is created in the topmost directory that contains files to be protected. All files in the tree below this directory are also protected. The .htaccess file contains directives for either user or group authorization.User Authorization Directives
If user authorization is required, a valid user name and password must be entered.AuthType Basic AuthName "Title of the Protected Item" AuthUserFile /export/home/userdir/etc/htpasswd require user mickeyGroup Authorization Directives
If group authorization is required, a valid user name and password must be entered and the user must be a member of the specified group.AuthType Basic AuthName "Title of the Protected Item" AuthUserFile /export/home/userdir/etc/htpasswd AuthGroupFile /export/home/userdir/etc/htgroups require group miceThe User Authorization File
The user authorization file contains user name/password entries that are created by the htpasswd program. The passwords are encrypted. Entries may be removed with a text editor.% cd /export/home/userdir/etc % /usr/local/bin/htpasswd Usage: htpasswd [-c] passwordfile username The -c flag creates a new file.% /usr/local/bin/htpasswd -c htpasswd mickey New password: cheese Re-type new password: cheeseThe Group Authorization File
The group authorization file is an ASCII file that contains group names followed by a space-separated list of user names who are members of the group.% cat /export/home/userdir/etc/htgroups mice:mickey minnie
Security
The .htaccess file and the user and group authorization files must be readable by the Web server. This usually means making them world readable (chmod 644).Make sure that the user and group authorization files are stored outside the document tree of the web server (not under the public_html directory) so that clients will not be able to download the files. Do not put them in the directory that they protect.
Reference
Additional reading is available in an article entitled "Using User Authentication" from Apache Week.Help
Please contact Allen Porter (ahporter@montana.edu) for additional assistance.Updated October 18, 2001