Setting up a password protected area on joisey.whatexit.org
Initial setup
Create the subdirectory that will be password protected.
mkdir ~/public_html/blah/blah/blah
Request .htaccess be enabled for the directory
Send email to "tal" saying that you want a particular directory to be password protected. It's possible to have only specific files in that directory require a password, but I haven't done that yet, so if you figure it out please edit this page with detals.
The email should say something like: "Hi! I'd like Apache to ask for a password for directory
___________ as the
WhatexitHtAccess page describes."
Change the apache configuration
To do this, tal will first issue these commands as root:
chown USER:USER /home/USER/the/directory
touch /home/web/sec/passwd.USER
chown USER:USER /home/web/sec/passwd.USER
Then add this to the apache configuration file /home/web/conf/httpd.conf:
<Directory "/home/USER/public_html/pages/protected">
AuthName "USER Secret Stuff"
AuthType Basic
AuthUserFile /home/web/sec/htpasswd.USER
require valid-user
</Directory>
Adding users
- Log into the shell
- htpasswd -b /home/web/sec/htpasswd.amq USERNAME PASSWORD
Resetting a user's password
Do the same thing as "adding users"
Deleting a user
Edit the htpasswd.FOO file and remove the user
TODO
It is possible to let the user have more control. Basically, one enables apache so that when dealing with a particular directory, if there is a .htaccess file then it is read and used as if those commands were included in Apache's configuration (just for that directory). It's secure, because you can say, "Ignore the .htaccess file if it has anything other than the following comands..." but for some reason I don't tend to use this feature. Maybe I should. I'll have to think about it.
--
TomLimoncelli - 30 Sep 2003
to top