Simple Password Protection for WWW Directories
Note: This assumes you know the basics of Project Vincent, including how to use an editor to create web pages, how to change into the right directories, etc. If you don't know that stuff already, then go learn it and come back to this page later. This is a very to-the-point, step-by-step process for doing simple password protection; the intent of this page is not to teach you how to use unix or create web pages.
Steps to implement simple password protection in a WWW subdir:
Create the desired subdir (if it doesn't yet exist) and cd into it.
Change privs in the dir to give read/list privs to the
user www. Note that this user is Project
Vincent-specific; this is implemented differently in other systems,
especially non-/afs systems. The command for this is
fs sa . www rl
(within the protected directory). Use
fs la
to make sure you and www (and, optionally, system
admins) are the only ones with privs in that directory. If there are
others (there will probably be a system:anyuser), type
(for the system:anyuser example)
fs sa . system:anyuser none
to remove those privs.
Edit a new file called .htaccess --
The layout should be something like this:
AuthType Basic
AuthName CHOOSE-A-NAME
AuthUserFile /afs/iastate.edu/SOMETHING/.htpasswd
AuthGroupFile /afs/iastate.edu/SOMETHING/.htgroup
<Limit GET POST>
require group CHOOSE-A-GROUP-NAME
require user BOB
require user ME
</Limit>
For CHOOSE-A-NAME, do that. For SOMETHING,
put in the appropriate directory structure, up to the current directory.
(If you don't know that directory, use
pwd
to find it.) GET and POST are just in caps; leave them. For
CHOOSE-A-GROUP-NAME, do that, too, if you want a group name. (I
actually haven't played with groups much, so you might have to toy with
this and figure it out yourself. Other documentation is available if you
do a search elsewhere on the web, but keep in mind Project Vincent is set
up somewhat differently for the privs I've already mentioned. This part
would be the same, tho.) Also put in names for any users you want. These
can be upper, lower, or mixed case, and they have nothing to do with
Project Vincent usernames unless you make them that way.
Edit a file called .htgroup if you
choose to play with groups. The layout for that is something like the
following; just replace the all-caps stuff with the appropriate groups and
users that you are making up.
GROUP1: USER1 USER2 USER3
GROUP2: USER3 USER4
add www
Create passwords for each of the users you made up. I'm
not sure about groups, but I don't think you create passwords for them. I
think being a part of a group still requires your username and password,
but it could conceivably make it easier to give a group access and then
just update the group list in the .htgroup file rather
than messing with individual users all the time in the
.htaccess file. To create a password for a user,
use
htpasswd -c .htpasswd JOEUSER
for the first one (the -c creates a new file), and drop the
-c (just use
htpasswd .htpasswd BOBUSER
) for additional users. When you type that,
it will prompt you for a password and a second time for verification (won't
echo on the screen). Note that it only uuencodes the password in
.htpasswd, which is one of the reasons this isn't the
ultimate security.
To change a password, just use
htpasswd .htpasswd OLDUSER
and it will let you enter a new one. It assumes anyone with write
access in that directory should be able to change the password, so it
won't ask for the old one, which is really convenient if you forgot
it.
To delete a user/password, take the user out of the
.htaccess and/or .htgroup files,
and then remove the password by deleting the proper line in the
.htpasswd file. Removing it from the
.htpasswd file shouldn't be necessary, but if
you're concerned about conserving stray bits (or, more importantly, not
confusing yourself later), you can do it anyway.
Test it. Try logging in with correct and incorrect passwords. If something doesn't work, double-check your work.
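A check to run alongside the test step, as an added example that is not part of the original page: it reads .htaccess, .htgroup and .htpasswd from one directory and reports users who are allowed in but have no password line, and password lines left behind for users who are no longer allowed. The function names, sample users and placeholder password fields are constructed for illustration, and it assumes all three files sit in the protected directory as in the steps above.

```sh
#!/bin/sh
# Added example: cross-check the three files this page creates.
#   MISSING <user>  allowed by .htaccess/.htgroup, but no line in .htpasswd
#   STALE <user>    still has a .htpasswd line, but is no longer allowed
check_htfiles() {
    acc=$1/.htaccess; grp=$1/.htgroup; pw=$1/.htpasswd
    [ -f "$acc" ] || { echo "no .htaccess in $1" >&2; return 2; }
    [ -f "$grp" ] || grp=/dev/null    # groups are optional
    [ -f "$pw" ]  || pw=/dev/null
    awk '
        FILENAME == ARGV[1] {                 # .htaccess
            if (tolower($1) != "require") next
            kind = tolower($2)
            for (i = 3; i <= NF; i++) {
                if (kind == "user")  allowed[$i] = 1
                if (kind == "group") want[$i] = 1
            }
            next
        }
        FILENAME == ARGV[2] {                 # .htgroup: "GROUP: USER USER"
            c = index($0, ":")
            g = substr($0, 1, c - 1); gsub(/[ \t]/, "", g)
            if (c == 0 || !(g in want)) next
            n = split(substr($0, c + 1), m, " ")
            for (i = 1; i <= n; i++) allowed[m[i]] = 1
            next
        }
        {                                     # .htpasswd: "USER:ENCODED-PASSWORD"
            c = index($0, ":")
            if (c > 1) have[substr($0, 1, c - 1)] = 1
        }
        END {
            for (u in allowed) if (!(u in have)) print "MISSING " u
            for (u in have) if (!(u in allowed)) print "STALE " u
        }
    ' "$acc" "$grp" "$pw" | sort
}

# Constructed sample directory: made-up users, placeholder password fields.
demo_dir() {
    d=$(mktemp -d)
    printf '%s\n' 'AuthType Basic' '<Limit GET POST>' 'require group STAFF' \
        'require user BOB' '</Limit>' > "$d/.htaccess"
    printf '%s\n' 'STAFF: ALICE CAROL' 'OTHER: DAVE' > "$d/.htgroup"
    printf '%s\n' 'BOB:PLACEHOLDER' 'ALICE:PLACEHOLDER' 'OLDUSER:PLACEHOLDER' > "$d/.htpasswd"
    echo "$d"
}

d=$(demo_dir)
check_htfiles "$d"    # prints: MISSING CAROL, then STALE OLDUSER
rm -rf "$d"
```

Run it as check_htfiles . from inside the protected directory; no output means every allowed user has a password line and no leftover lines remain.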
This document is available at http://dsblack.public.iastate.edu/help/passwords.html.