authentication in apache for a subdirectory

redhatdude at bellsouth.net redhatdude at bellsouth.net
Wed Jun 22 22:14:15 UTC 2005


Hello Ankush,
To make a folder password protected you need more than just that  
<Directory> entry in your httpd.conf file. You need to first create  
the password for the user that would be having access to such folder.
You have two options to protect a folder but they're not very secure.  
The first one is Basic with the htpasswd command. Basic transmits the  
user and pass in clear text. The second one is Digest with the  
command htdigest. Digest does not transmit the user and pass in clear  
text. However, the communications after authentication is not  
encrypted and can be picked up by a sniffer. The third method would  
be to use either one of these two methods over SSL which is a little  
bit more complex but it encrypts everything making it very secure.

For Basic authentication issue the following command:

htpasswd -c /opt/htpasswd/passwd.users username

In httpd.conf

<Directory /var/www/html/myfolder>
AuthType Basic
AuthName  "Access to the Modules"
AuthUserFile /opt/htpasswd/passwd.users
Require user username
</Directory>

For Digest issue the following command:

htdigest -c /opt/htpasswd/passwd.users username

In httpd.conf

<Directory "/var/www/html/myfolder">
Order Deny,Allow
Deny from .gov   <-----------You can use this in both methods to deny  
certain domains to access your folder
AuthType Digest
AuthName "username"
AuthDigestFile /opt/htpasswd/passwd.users
Require user username
</Directory>

I hope this helps

EJ


On Jun 22, 2005, at 8:20 AM, Ankush Grover wrote:

> Hey,
>
>   I want to configure authentication for a particular directory and
> subdirectories below that directory.
>
> I have written these entries in httpd.conf ,but authentication is  
> not working.
>
> <Directory  /var/www/html/open/hms/modules>
>   AllowOverride   AuthConfig
>   AuthType   Basic
>   AuthName  "Access to the Modules"
>   AuthUserFile   /opt/htpasswd/passwd.users
>   Require        valid-user
>    </Directory>
>
>
> Can anybody tell me why the authentication is not working.I want that
> any user who tries to access modules directory or anyother directory
> below should be prompt for username and password .
>
>
> Thanks & Regards
>
> Ankush Grover
>
> -- 
> fedora-list mailing list
> fedora-list at redhat.com
> To unsubscribe: http://www.redhat.com/mailman/listinfo/fedora-list
>




More information about the fedora-list mailing list