The AuthUserFile directive sets the name of a textual file containing the list of users and passwords for user authentication. File-path is the path to the user file. If it is not absolute (i.e., if it doesn't begin with a slash), it is treated as relative to the ServerRoot.
Each line of the user file contains a username followed by a
colon, followed by the crypt() encrypted password.
The behavior of multiple occurrences of the same user is
undefined.
The utility htpasswd
which is installed as part of the binary distribution, or which
can be found in src/support, is used to maintain
this password file. See the man page for more
details. In short
htpasswd -c Filename username
Create a password file 'Filename' with 'username' as the initial ID. It will prompt for the password.htpasswd Filename username2
Adds or modifies in password file 'Filename' the 'username'.
Note that searching large text files is very inefficient; AuthDBMUserFile should be used instead.
- Security:
- Make sure that the AuthUserFile is stored outside the document tree of the web-server; do not put it in the directory that it protects. Otherwise, clients may be able to download the AuthUserFile.
- Also be aware that null usernames are permitted, and null
passwords as well (through Apache 1.3.20). If your
AuthUserFile includes a line containing only a colon (':'), a
'
Require valid-user' will allow access if both the username and password in the credentials are omitted.
 |
|
|
