5. What about restricting access by username/password?
It is also possible to protect Web directories by username/password combinations. In order to set this up you should follow these steps if you using the OUCS web server (if you are using a different server contact that system's sysadmin):
- Log in to the Linux system
linux.ox.ac.ukusing your Oxford username and password
- Create a file containing usernames and encrypted passwords:
% htpasswd -c /web/users/$USER/cgi/myusers.passwd fred Adding user fred New password: rubbish (not echoed) Re-type new password: rubbish (not echoed)
- Make sure that the file which holds the passwords is
world-readable. For example:
% chmod a+r /web/users/$USER/cgi/myusers.passwd
AuthType Basic AuthName my-private-webpages AuthUserFile /web/users/aragog.oucs.ox.ac.uk/6/e/fred/cgi/myusers.passwd require valid-userAuthName can be anything meaningful to the people that need to supply a username and password (note that a value is required). If the name contains spaces, it must be given in quotes. Using the above example, when the username is requested the browser will display "Please enter username for my-private-webpages at users.ox.ac.uk"AuthUserFile is the location of the file you created in step . This file is actually held on the web server. Therefore you need to give it a path name which is meaningful to the web server:
- Make sure that
.htaccesshas got world read access:% chmod a+r .htaccess
- If you want to authenticate by both username/password and
client host address, you can use the Satisfy directive in
.htaccessto specify whether access is allowed if either test is passed, or if both must be passed (the default).