01 August 2010

Apache password protection

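# Password protecting a directory (.htaccess or a <Directory> block)
#
# The user file holds one "username:hashed-password" line per user. Never write
# plaintext passwords into it; create entries with the htpasswd utility shipped
# with Apache (bin directory):
#   htpasswd -c /usr/local/apache/passwd/passwords username   # -c creates the file
#   htpasswd    /usr/local/apache/passwd/passwords username   # add/update later
# CAUTION: -c overwrites an existing file and wipes every other user, so use it
# only the first time. Newer htpasswd builds support -B (bcrypt), which should
# be preferred over the legacy crypt/MD5 hashes.
# Make the file readable only by root and the server's group (e.g. mode 640);
# anyone who can read it can run an offline password-cracking attack on it.
# If these directives live in .htaccess, the enclosing <Directory> must have
# "AllowOverride AuthConfig", otherwise they are silently ignored.

# Keep the realm identical across protected directories so the browser does not
# prompt again for each one: clients cache credentials per realm.
AuthName "Section Name - Password dialog box text - and realm"

# Basic (mod_auth_basic in Apache 2.4, mod_auth in 2.0/2.2) sends the password
# base64-encoded -- effectively in cleartext -- on EVERY request, so it is only
# acceptable over HTTPS. Digest (mod_auth_digest) avoids sending the raw
# password, but it relies on MD5 and does nothing for the rest of the request;
# it is not a substitute for TLS. The 2010 caveat that only recent clients
# supported Digest no longer applies to current browsers.
AuthType Basic

# Keep this file OUTSIDE DocumentRoot so it can never be served. As a second
# line of defence the stock httpd.conf denies access to any file starting with
# ".ht"; if that block was removed, restore it (2.4 syntax shown, 2.2 uses
# "Order allow,deny / Deny from all"):
#   <FilesMatch "^\.ht">
#       Require all denied
#   </FilesMatch>
# Flat-file lookups scale linearly with the number of users; for large lists
# switch to a DBM backend (mod_authn_dbm in 2.4, mod_auth_dbm in 2.0/2.2,
# files created with htdbm).
AuthUserFile /full/path/to/.htpasswd

# Access control: "Require user name1 name2" for specific accounts,
# "Require group groupname" when a group file is set, or "Require valid-user"
# for anyone present in AuthUserFile (least specific -- make sure the user file
# contains only accounts that should actually reach this directory).
Require valid-user


# Groups
# The group file is plain text, also kept outside DocumentRoot, one group per
# line in the form:
#   GroupName: username1 username2 username3
# Every member must still exist in AuthUserFile; the group file only names them.
AuthGroupFile /usr/local/apache/passwd/groups
# To restrict a directory to one group, replace "Require valid-user" with:
#   Require group GroupName



# Authentication notes:
# Because HTTP is stateless, the username and password are verified on every
# request -- reloading the same page, and every image or asset fetched from a
# protected folder. The cost with a flat file is proportional to its size (the
# file is opened and read line by line until the user is found). Beyond a few
# hundred users, move to a DBM or database backend (see the Apache manual).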