______________________________________________________________________________
WWW:  Password protecting WWW pages

Q.  How do I secure my WWW homepages such that only certain individuals can
    access the page with the appropriate password?

A.  Home page authentication is generally used in situations to protect
    various user homepages from non-authorized individuals. Such pages are
    protected by a password scheme which only authorized users may
    authenticate to view the secured page.
        
    For authentication to work for your homepages, you must create a seperate
    directory inside of the dirctory where you keep all your restricted
    homepages.  Generally, that directory is /www/$user, where
    $user is your account or login name.  For example, a user could create
    the directory /www/$user/secure where all their restricted
    pages are stored.

    Within the restricted directory /www/$user/secure is a file
    named:
        
                .htaccess

    This file is what our server uses for securing web page directories.
    The .htaccess file should be in the form:

                AuthUserFile /www/$user/.htpasswd
                AuthGroupFile /dev/null
                AuthName ByPassword
                AuthType Basic

                <Limit GET>
                require user guest
        	</Limit>

    In the .htaccess file shown above, there are a totalof five fields.
    The AuthUserFile field points to the location of the password file used
    for authenticating users.  The actual password file used for
    authenticating users is named .htpasswd and is located in the sub-
    directory /www/$user, where $user is your account name or
    directory.

    The AuthGroupFile field points to the location of the group file,
    generally used for authenticating more than one user or groups of
    users.  For our example, this field is not used so we specify
    /dev/null to say that the field is not used.

    The AuthName field is used as a "label" for the browser authentication
    session, and can be set to anything you want.

   
    The AuthType field describes the type of authentication to use and
    should be set to Basic, for Basic HTTP Authentication.

    The <Limit GET> field restricts the method GET for accessing the user
    page.  Other possibilities of limits or restrictions can be set for
    methods POST and PUT.  This particular example reqires user <guest> to
    enter a password before they can access your page.

    Actual password authentication of pages is done through the .htpasswd
    file.  This file is created with the Unix htpasswd command.  To create
    a password entry for user <guest>, you would issue the following
    command at the Unix prompt:

         htpasswd -c /www/$user/.htpasswd guest

    ...where $user is your account name or where you store your personal
    homepages.  At this point, you will be presented with a password
    prompt, enter the password which you would like to issue to user
    <guest>.  Once the command finishes, a new password entry would be
    made for user <guest> in the /www/$user/.htpasswd file.

    The directory /www/$user/secure and all pages contained in
    it are now secured and only accessible to those who login as user
    <guest> with the right password.


(02-Aug-96/wwwppwp/TL)
___________________________________________________________________________
Copyright 1996  Northwest Nexus Inc.  All Rights Reserved.
This document may not be reproduced nor redistributed in any form without
express permission; contact us at support@nwnexus.net with questions.