Directory Password Protection


All Accounts:
To be able to use the following information requires some knowledge of UNIX and navigating in a UNIX shell. CalWeb offers Unix Shell access to user directories, but by default all users are set up with no UNIX shell. To activate your UNIX shell account you will need to call technical support at 916-641-9320, request shell access and define which shell you which to use.

Additional information can found NCSA Mosaic User Authentication Tutortial  at: http://hoohoo.ncsa.uiuc.edu/docs/tutorials/user.html

Business Accounts:
If you have a business account you will not be able to gain access to the business directories though the shell account. Please follow the instructions on
how to password protect a web page using FTP. You will still need the follow the instructions below to create the files you need.

FrontPage Accounts:
FrontPage accounts will need read the FrontPage documentation and use FrontPage to create and maintain Password Protected web sites. The following information will not work while FrontPage owns your web directory.

How to Create .htaccess and .htpasswd Files

.htaccess

The first file you need to look for is called .htaccess. This file is located in the root of your www directory. Using you UNIX shell locate this file. The easiest was to locate .htaccess, is by typing:

ls -al

You will get a listing of what is in you directory. For more Unix Commands, you can see the basics at http://www.calweb.com/support

You can also look for this file using an ftp program and then ftp-ing the file to your local machine. Make sure you do this as ASCII text only.

Now that you have located your .htaccess file open it up using an text editor, such as joe, vi, or pico. If you have ftp'd the file to your local machine then a basic text editor, like notepad, will be all you need. The .htaccess file should look like the following:

If you do not have a .htaccess file, all you need to do is cut and paste from the step by step instructions below and save it as .htaccess

Now that we have found our .htaccess file and we have it open in a text editor, we will need to add some lines to it.

The first line you need to add is:

AuthUserFile /www/home/users/login_initial/loginname/.htpasswd

Go ahead and change the path to reflect your user directory information, ie for our "webstaff" login this line will be. This specific line is very important as it tells the browser where to look for the file with the password, even if the .htaccess file is located in another directory within your web site.

AuthUserFile /www/home/users/w/webstaff/.htpasswd

The next line to add is:

AuthName "Any Name"

Where it says "(Any Name)" this is the label you will want to give your password dialog box when it pops in the browser. In this example will call it "Secret Stuff", so the line will look like this:

AuthName "Secret Stuff"

Now add the following line. Nothing needs to be changed in this line so it's just a matter of cut and paste.

AuthType Basic

With the first three lines added to your .htaccess file it should look very similar to the following:

AuthUserFile /www/home/users/w/webstaff/.htpasswd
AuthName "Secret Stuff"
AuthType Basic

We're not done yet, but very close. With your .htaccess file still open in your editor you will need to add the following three lines:

<Limit GET>
require user (any name)
</Limit>

It looks like html tags but acts much different. In the second line where it says "(any name)", this the login name you decide you want the browser to accept as a valid login name for the password.

Ours will look like this:

<Limit GET>
require user webstaff
</Limit>

So now that you have edited your .htaccess file it should very similar to following, along with the recommended changes to the paths and names.

AuthUserFile /www/home/users/w/webstaff/.htpasswd
AuthName "Secret Stuff"
AuthType Basic

<Limit GET>
require user webstaff
</Limit>

Save your .htaccess file and now your ready to create the your .htpasswd file. If you ftp'd your .htaccess file to your local machine, it is now a good time to upload it back your web directory on the server remember to do it ASCII text only.


.htpasswd

Back the UNIX shell. From the command prompt of your shell you will need to execute the command to create a .htpasswd file. Go ahead and type htpasswd at the command prompt and press "ENTER". (Leave out the . in htpasswd) You will see the following:

htpasswd

Usage: htpasswd [-c] passwordfile username
The -c flag creates a new file.
Exit 1

What the command is telling you are the instructions of how to create a password file. So all you need to is replace the terms of the Usage to complete the creation of your file. Here's how our command line looked:

htpasswd -c .htpasswd webstaff
  • The "-c" tells htpasswd to create a password file.
  • Our password file name is .htpasswd, but you can name it what you want, as long as it matches what your "AuthUserFile" line says in the .htaccess file.
  • The username is the what you specified for the "require user" line of your .htaccess file.

Press "ENTER", you should now be prompted for a "New password:", so have one ready. After entering the password your will be prompted to "Re-type new password".

Now you have a password file ready to be used for a web browsing password protected directory.


TESTing

Want to test your new found knowledge? Assuming that you followed the directions exactly you now have a .htaccess file and a .htpasswd file in your web directory, ie our web directory is:

/www/home/users/w/webstaff

Go ahead and create a new directory to be password protected. Ours we will call "secret". You can do this using the Unix command to make directory or through an FTP program.

Copy just the .htaccess file into this directory, again you can do this with the UNIX commands or through your FTP program. Just remember that when using an FTP program you do all your file transfers as ASCII only.

That's it to test if it works, open you favorite browser and type in the URL of your new directory, and a password dialog box should pop up prompting you for a user name and password.