Specifications
As in the PHP example, to use HTTP authentication we need to name our realm as follows:
AuthName "Realm-Name"
You can choose any realm name you prefer, but bear in mind that the name will be shown to
your visitors. To make it obvious that the name in the example should be changed, ours is
named “Realm-Name”.
Because a number of different authentication methods are supported, we need to specify which
authentication method we are using.
We are using Basic authentication as specified by this directive:
AuthType Basic
We need to specify who is allowed access. We could specify particular users, particular groups,
or as we have done, simply allow any authenticated user access.
The line
require valid-user
specifies that any valid user is to be allowed access.
LISTING 14.8 .htpass—The Password File Stores Usernames and Each User’s Encrypted
Password
user1:0nRp9M80GS7zM
user2:nC13sOTOhp.ow
user3:yjQMCPWjXFTzU
user4:LOmlMEi/hAme2
Each line in the .htpass file contains a username, a colon, and that user’s encrypted password.
The exact contents of your .htpass file will vary. To create it, you use a small program called
htpasswd that comes in the Apache distribution.
The htpasswd program is used in one of the following ways:
htpasswd [-cmdps] passwordfile username
or
htpasswd -b[cmdps] passwordfile username password
The only switch that you need to use is -c. Using -c tells htpasswd to create the file. You must
use this for the first user you add. Be careful not to use it for other users because if the file
exists, htpasswd will delete it and create a new one.
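The following check is an added example, not code from this book or from the Apache distribution. It reads lines in the .htpass format of Listing 14.8 and reports which hash format each entry uses, flagging the formats that are weak against offline guessing. The entries for user5 to user7, the repeated user1 line, and the malformed line are constructed sample data, and the function names are this example's own.

```python
import re

# Hash formats htpasswd can write, tried in order. -m, -s and -d are switches
# from the usage line above; bcrypt (-B) exists only in newer htpasswd builds.
SCHEMES = [
    ("bcrypt",    re.compile(r"\$2[aby]\$\d\d\$[./0-9A-Za-z]{53}")),
    ("apr1-md5",  re.compile(r"\$apr1\$[./0-9A-Za-z]{1,8}\$[./0-9A-Za-z]{22}")),
    ("sha1",      re.compile(r"\{SHA\}[A-Za-z0-9+/]{27}=")),  # unsalted SHA-1
    ("crypt-des", re.compile(r"[./0-9A-Za-z]{13}")),  # only 8 password chars used
]
WEAK = {"sha1", "crypt-des", "plaintext-or-unknown"}

# Constructed sample: the four entries of Listing 14.8, then constructed lines.
SAMPLE = "\n".join([
    "user1:0nRp9M80GS7zM", "user2:nC13sOTOhp.ow",
    "user3:yjQMCPWjXFTzU", "user4:LOmlMEi/hAme2",
    "user5:$apr1$SALTSALT$" + "A" * 22,   # constructed, shape of -m output
    "user6:{SHA}" + "A" * 27 + "=",       # constructed, shape of -s output
    "user7:secret",                       # constructed, shape of -p output
    "user1:0nRp9M80GS7zM",                # constructed duplicate username
    "line-without-a-colon",               # constructed malformed line
])

def classify(hash_field):
    """Name the format of one password field. By shape alone, a 13-character
    plaintext password cannot be told apart from a crypt-des hash."""
    for name, pattern in SCHEMES:
        if pattern.fullmatch(hash_field):
            return name
    return "plaintext-or-unknown"

def audit(text):
    """Return (findings, problems) for the contents of a password file."""
    findings, problems, seen = [], [], set()
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        user, sep, hash_field = line.partition(":")
        if not (sep and user and hash_field):
            problems.append((lineno, "malformed line"))
            continue
        if user in seen:
            problems.append((lineno, "duplicate user " + user))
        seen.add(user)
        findings.append((user, classify(hash_field)))
    return findings, problems

if __name__ == "__main__":
    for user, scheme in audit(SAMPLE)[0]:
        print(user, scheme, "WEAK" if scheme in WEAK else "")
```

Every entry in Listing 14.8 is reported as crypt-des, so a file like it is a candidate for regenerating with a stronger format.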
E-commerce and Security
PART III