|HTTP Authentication example & run through - part 3|
|Part: 1 2 3|
Now we are going to create the file that holds the usernames and encrypted passwords. This business of creating passwords is handled by a program on the server called htpasswd. The first time you do this, you do two things... 1)You create a file named .htpasswd and 2) you create the first username/password pair.
Type htpasswd -c .htpasswd jimmy
You will be asked to enter the password twice (enter page).
Done! That's it. Everything in that directory is protected.
Here is a quick review of the steps involved again...
Now I'll add a user. We'll add user freddie with password ss345 (Close everything. We'll start from scratch.)
Telnet to the account and cd to the protected directory...
Type htpasswd .htpasswd freddie (Translated this means use the program htpasswd to add new user freddie to user file .htpasswd)
You will be prompted for freddie's password twice...
Bingo! New user. Try it. (username is freddie, password is ss345)
Note that access to that directory is allowed for as long as you have your browser open. If you zip right on in without being prompted for a password it may be because you've previously gained access. You could close your browser and try again.
As you accumulate users, your password file (.htpasswd) will start looking like this..
jimmy:.oRioUQCKQxrU freddie:IpVTuxjtdzFqM ralphie:OEfpigpLicSS2 billg:eubiaEVYpugW6 grant:5nAoq3e89lBtQ
To delete a user, simply delete his line in the password file. There are a couple ways to do this. One is to Telnet to the directory, open the password file in pico (pico .htpasswd) and delete it there. Or, you can use your FTP client to download .htpasswd, remove the appropriate line and send it back up.