HTTP Authentication: example & run-through
Part:  1 2 3
<< HTTP Authentication Intro

Now we are going to create the file that holds the usernames and encrypted passwords. This business of creating passwords is handled by a program on the server called htpasswd. The first time you do this, you do two things... 1)You create a file named .htpasswd and 2) you create the first username/password pair.

Type htpasswd -c .htpasswd jimmy

You will be asked to enter the password twice (enter page).

Done! That's it. Everything in that directory is protected.

Here is a quick review of the steps involved again...

• Create the directory you wish to protect.
• Connect using Telnet and using cd (and ls if you need it), navigate to that directory.
• Create the .htaccess file with pico. Make sure you insert the full unix path to the password file.
• Create the password file with the first user/password.

Now I'll add a user. We'll add user freddie with password ss345 (Close everything. We'll start from scratch.)

Telnet to the account and cd to the protected directory...

Type htpasswd .htpasswd freddie (Translated this means use the program htpasswd to add new user freddie to user file .htpasswd)

You will be prompted for freddie's password twice...

Bingo! New user. Try it. (username is freddie, password is ss345)

Note, access to that directory is allowed for as long as you have your browser open. If you zip right on in without being prompted for a password it may be because you've previously gained access (possibly using jimmy/page). You could close your browser and try again.

As you accumulate users, your password file (.htpasswd) will start looking like this..

jimmy:.oRioUQCKQxrU
freddie:IpVTuxjtdzFqM
ralphie:OEfpigpLicSS2
billg:eubiaEVYpugW6
grant:5nAoq3e89lBtQ

To delete a user, simply delete his line in the password file. There are a couple ways to do this. One is to Telnet to the directory, open the password file in pico (pico .htpasswd) and delete it there. Or, you can use your FTP client to download .htpasswd, remove the appropriate line and send it back up.

A couple more notes...

Most browsers will offer to save the password for you. If you allow this, the username & password is encrypted and saved in a special file on your computer. Then, if and when you go back to that page, the site will ask for authentication and your browser will provide your saved user/pass and you'll gain access. In most instances this is done seamlessly and in the background and it will seem just like accessing a regular non-protected page.

I should also mention that HTTP authentication is not the only server based password protection scheme used. There are others. Some of these may not use the HTTP authentication method described above. Some may use an entirely different method.

And that wraps it up for me. I hope this little run-through has been of some use to you. And once again, let me stress.... some of this stuff can seem monumentally confusing the first, second and even third time out. But I promise, the more you do ANYTHING, the easier it will become...

GateKeeper - Javascript Password Protection

GateKeeper 1  ·  GateKeeper 2  ·  GateKeeper 3  ·  HTTP Authentication  ·  The Vault

HTML 4.0 Reference      Barebones HTML Guide