University Computer Centre
Own User Administration

Access Control for Own User Administration

You can also control access to WWW documents via self-administered "secrets". To do this, write in the .htaccess file:

AuthName "protected area"
AuthType Basic
AuthUserFile full filename
AuthGroupFile full filename
Require user name ...     # or
Require group name ...    # or
Require valid-user

As AuthName a name is used that is displayed to the user when the identifier + password are requested. After AuthUserFile has to stand the full filename of the file containing the identifiers and passwords. E. g. /afs/tu-chemnitz.de/www/root/test/.htpasswd, for a file within the HOME directory, e. g. /afs/tu-chemnitz.de/home/urz/o/otto/public_html/restricted/.htpasswd

Such a file has lines with the following structure:
Identifier:encrypted-password

To generate such entries, this Web form must be used. This creates a line from your entries that you can transfer to a corresponding password file.

Alternative: Under Linux use the command htpasswd:
htpasswd pw-file www-name

In the file pw-file an entry with the name www-name is added or changed, if the name already exists. The password is requested. To create a new file the following must be used:
htpasswd -c pw-file www-name

In an AuthGroupFile groups of names (from the AuthUserFile) can be arranged: 

Group: name1 name2 name3 ...

Attention: These files should not be accessible via the WWW server. You can use .htpasswd as file name, since the server protects this file.

With Require one finally specifies which name (Require user name ... - from the AuthUserFile) resp. groups (Require group name ... -from the AuthGroupFile) access is permitted. You can enter several names or groups, separated by spaces. Require valid-user allows access to all users entered in AuthUserFile.

Example: Files in the dir21 directory should only be accessible to users who know a secret, namely the name Apple and the password pie: .htaccess -File in dir21 directory contains:

AuthName "Cozy Cake"
AuthType Basic
AuthUserFile /afs/tu-chemnitz.de/www/root/urz/www/auth/examples/dir21/.htpasswd
Require user Apple
AuthGroupFile was omitted, as it is not needed here.

The password file was created with:

unix> htpasswd -c /afs/tu-chemnitz.de/www/root/urz/www/auth/examples/dir21/.htpasswd Apple
Adding password for Apple.
New password: pie
Re-type new password: pie
Password for Apple changed.
Result