Configuring authentication for Apache using a password file
Allowing authentication via .htaccess
To configure authentication for Apache using a password file, the configuration lines can be entered either in a '.htaccess' file or directly in the 'httpd.conf' file. If authentication is set up using a '.htaccess' file, the following directive must be present in 'httpd.conf' for the concerned Directory or VirtualHost:
Creating the password file
To create the password file used for authentication, use the 'htpasswd' utility. To create a password file with the desired user, use:
htpasswd -c <password-file> <user-name>
The command will prompt for the desired password for the given user. Note that the '-c' option is required only when creating a new file; using it on an existing file overwrites that file.
For security reasons, the password file must be kept outside DocumentRoot so that users cannot simply download the file and crack the passwords.
To configure authentication, enter the following lines for the appropriate Directory in the configuration file:
AuthType Basic
AuthName "<realm>"
# Optional line:
AuthBasicProvider file
AuthUserFile <path-of-password-file>
Require user <user-name>
To allow any user in the password file instead of a single named user, use 'Require valid-user'.
To allow a specific set of users, a group file is required. The group file has the following syntax:
<group-name> : <user1> <user2> <user3> ...
To configure authentication via a group, the following configuration lines can be used:
AuthType Basic
AuthName "<realm>"
# Optional line:
AuthBasicProvider file
AuthUserFile <path-to-password-file>
AuthGroupFile <path-to-group-file>
Require group <group-name>
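
The requirement that the password file stay outside DocumentRoot can be checked mechanically. The following Python script is an added example, not part of the original page: it scans configuration text for AuthUserFile and AuthGroupFile paths that resolve inside a DocumentRoot. The function name exposed_auth_files and the sample configuration are constructed for illustration, and relative paths are assumed to resolve against ServerRoot.

```python
import posixpath
import re

# Constructed sample httpd configuration for this demonstration (not from the page).
SAMPLE_CONF = """\
ServerRoot "/etc/httpd"
DocumentRoot "/var/www/html"
<Directory "/var/www/html/private">
    AuthType Basic
    AuthName "Staff"
    AuthUserFile /var/www/html/private/.htpasswd
    AuthGroupFile conf/groups
    Require group admins
</Directory>
<Directory "/var/www/html/reports">
    AuthType Basic
    AuthName "Reports"
    # AuthUserFile /var/www/html/old-passwords
    AuthUserFile "/etc/httpd/auth/passwords"
    Require valid-user
</Directory>
"""

DIRECTIVE = re.compile(
    r'^[ \t]*(ServerRoot|DocumentRoot|AuthUserFile|AuthGroupFile)'
    r'[ \t]+"?([^"\n]+?)"?[ \t]*$', re.IGNORECASE | re.MULTILINE)

def exposed_auth_files(conf_text):
    """Return sorted (directive, resolved path) pairs that lie under a DocumentRoot."""
    found = [(n.lower(), v) for n, v in DIRECTIVE.findall(conf_text)]
    # Relative paths are resolved against ServerRoot; "/" is assumed if none is set.
    server_root = next((v for n, v in found if n == "serverroot"), "/")
    def resolve(p):
        return posixpath.normpath(posixpath.join(server_root, p))
    doc_roots = [resolve(v) for n, v in found if n == "documentroot"]
    exposed = set()
    for name, value in found:
        if name in ("authuserfile", "authgroupfile"):
            path = resolve(value)
            # Textual containment check only: symlinks and Alias mappings are not followed.
            if any(posixpath.commonpath([root, path]) == root for root in doc_roots):
                exposed.add((name, path))
    return sorted(exposed)

if __name__ == "__main__":
    for name, path in exposed_auth_files(SAMPLE_CONF):
        print(f"{name} inside DocumentRoot: {path}")
```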