The only remaining step is to define the entries in the password file.
To accomplish this, most servers come with a utility, usually named
htpasswd, that creates entries in the file.
To create the first entry in the file, use htpasswd with the
htpasswd -c /someplace/else/htpasswd larry
You'll be prompted for larry's passwd. When the command is complete,
the file will be created with an entry for larry. To add the remaining
users, drop the
htpasswd /someplace/else/htpasswd curly htpasswd /someplace/else/htpasswd moe
When you're finished, the file will look something like this:
larry:asy7Gtf56dgu1j curly:wIO98s.weru7ew moe:qwlm.7d56sANkdss
The first field is the user name, of course; the stuff after the colon
is the encrypted password.
That's it! Your password-secured directory is ready to go!
Working with groups
One way to limit access to a group of users is to list all their names
require user directive. This can get tedious, so
it makes more sense to define a group of allowed users instead. You do
this by using a
require group directive, naming the
group(s) that are granted access to the directory. This is exactly the
same as our previous example, but uses a group instead of an explicit
AuthUserFile /someplace/else/htpasswd AuthGroupFile /someplace/else/htgroup AuthName Stooges AuthType Basic <limit> require group stooges </limit>
Using any text editor, create
stooges: larry curly moe
When authentication occurs, the server will verify that the user name
and password are valid, and then will check to see that the user name is
in the group named
stooges. It's much easier to manage
membership in the stooges group by editing the
than it is to edit the
.htaccess, especially if you have
several directories all restricted to access by the stooges. Most
importantly, the group file can be maintained by someone who does not
have the ability to write into the document directory, allowing you to
separate the security management and content management responsibilities
within your server.