Configuring authentication for apache using password file

Revision as of 23:13, 17 November 2012 by Saurabh (talk | contribs)

Configuring authentication for apache using a password file

Allowing authentication via .htaccess

To configure authentication for Apache using a password file, the configuration lines can be entered either in a '.htaccess' file or directly in the 'httpd.conf' file. When authentication is set up through a '.htaccess' file, the following directive must be present in 'httpd.conf' for the concerned Directory or VirtualHost:

AllowOverride AuthConfig 


Creating password file

The 'htpasswd' utility creates the password file used for authentication. To create a password file with the desired user, use:

htpasswd -c <password-file> <user-name>

The command prompts for the desired password for the given user. Note that the '-c' option is required only when creating a new file.

For security reasons, the password file must be kept outside DocumentRoot so that users cannot simply download the file and crack the passwords.
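A quick check for the placement rule above, as an added example that is not part of the original page: the function resolves symlinks and reports a password or group file that ends up inside DocumentRoot. The function name and the extra world-readable check are assumptions added here; pass your own DocumentRoot and AuthUserFile paths.

```shell
#!/bin/sh
# Added example: audit where an Apache password (or group) file lives.
# check_auth_file is a hypothetical helper name, not an Apache tool.
#
# usage: check_auth_file <document-root> <password-or-group-file>
# returns 0 if no problem was found, 1 if a finding was reported, 2 on bad input
check_auth_file() {
    local docroot file rc=0
    if [ "$#" -ne 2 ] || [ ! -d "$1" ] || [ ! -f "$2" ]; then
        echo "usage: check_auth_file <existing-docroot> <existing-file>" >&2
        return 2
    fi

    # Resolve symlinks and ".." first, so a path that looks like it is
    # outside DocumentRoot but links into it is still caught.
    docroot=$(realpath -- "$1") || return 2
    file=$(realpath -- "$2") || return 2

    # Prefix match on the resolved paths; stripping a trailing "/" keeps
    # the pattern correct even when DocumentRoot is "/".
    case "$file" in
        "${docroot%/}"/*)
            echo "FAIL: $file is inside DocumentRoot $docroot"
            rc=1
            ;;
    esac

    # Additional check (not from the page): the file only needs to be
    # readable by the account Apache runs as, so flag world-readable files.
    if [ -n "$(find "$file" -perm -004 -print)" ]; then
        echo "FAIL: $file is world-readable"
        rc=1
    fi

    [ "$rc" -eq 0 ] && echo "OK: $file"
    return "$rc"
}

# Example call (paths are placeholders):
#   check_auth_file /var/www/html /etc/httpd/passwords/site.htpasswd
```

The check only covers the path given to AuthUserFile or AuthGroupFile; it does not look for symlinks inside DocumentRoot that point out to the file.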


Configuring authentication

To configure authentication, enter the following lines for the appropriate Directory in the configuration file:

AuthType Basic
AuthName "<realm>"
# Optional line:
AuthBasicProvider file
AuthUserFile <path-of-password-file>
Require user <user-name>

To allow all users, use 'Require valid-user' instead.


Configuring groups

To allow a specific set of users, a group file is required. The group file has the following syntax:

<group-name> : <user1> <user2> <user3> ...

To configure authentication via a group, the following configuration lines can be used:

AuthType Basic
AuthName "<realm>"
# Optional line:
AuthBasicProvider file
AuthUserFile <path-to-password-file>
AuthGroupFile <path-to-group-file>
Require group <group-name>

