Basic Authentication for Apache

To implemented shared-account authentication in Apache, start by creating a user account and assigning a password to that account. You can do that with the htpasswd tool, like this:

htpasswd -c subscribers subscriber

This command prompts for a password and when you supply one, it creates a file called subscribers containing a single record for a user named subscriber, along with an encrypted version of the password you type in.

To control access to all the files in a directory, you need to associate the user account with a web subtree. In Apache, you do that in the server’s configuration file (either access.conf or the master file httpd.conf ) like this:

<Directory /web/Docbase/ProductAnalysis/docs>
AuthType Basic
AuthName subscribers
AuthUserFile /secure/subscribers
require user valid-user
</Directory>

Group Authentication in Apache

You can define a group of subscribers by listing names in a file, like this:

subscribers: ed joe sharon

If that group definition is stored in the file /secure/groups , you can use the following configuration directives to permit only group members:

<Directory /web/Docbase/ProductAnalysis/docs>
AuthType Basic
AuthName subscribers
AuthUserFile /secure/subscribers
AuthGroupFile /secure/groups
require group subscribers
</Directory>

In this case, you have to define the group in /secure/groups and also list all the individual subscribers and their passwords in /secure/subscribers .

Managing Larger Groups in Apache

If there are ...

Get Practical Internet Groupware now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.