Published using Google Docs
Apache_Password_Configuration
Updated automatically every 5 minutes

Collaborative Virtual Computer Lab (CVCLAB)

Penn State Berks

C.  Creating a Password File

This portion of the tutorial explains how to create the password file that will store the password to the website.  Without this file, Apache will not be able to authenticate a user.

  1. Open the Terminal.  To create a directory to store the password file in, type “mkdir -p /home/secure/”.  This command will make a directory called “secure” within the Linux home directory.  By storing the password file outside of the Apache directory, web users will not be able to access/download the file containing your passwords.
  2. Enter “htpasswd -c /home/secure/apasswords admin”.  The htpasswd command is built within Apache, and it allows us to create a password file.  In this case, the password file is named “apasswords” and it is located within the new secure directory.  The command also initiates the process to create a username, which was specified as “admin”.
  3. The command line will prompt for a new password to be set for the user “admin”.  Enter “topsecret” as the password, and then type it again when prompted to confirm.

  1. To view the password file, type “gedit /home/secure/apasswords”.  This will open apasswords in a text editor.  You should see the admin account listed, followed by its encrypted password that you set.

B.  Enabling Authentication

Now that a password file containing a username and password exists, Apache must be configured to allow authentication, as well as where to find the password file.

  1. In the Terminal, type “gedit /var/www/httpd.conf”.  This will open the Apache configuration file in a text editor.
  2. Type the following into the document:

<Directory>

AuthType Basic

AuthName “Restricted Access”

AuthUserFile /home/secure/apasswords

Require user admin

</Directory>

AuthType tells Apache to use the Basic authentication type, while AuthName is the message that displays to the user in the log-in prompt.  AuthUserFile tells Apache where to find the password file, and Require user defines the name of the user account to authenticate.

  1. Save httpd.conf by either clicking the Save button below the menu bar or by clicking File, then selecting Save.  After saving, the file may be closed.
  2. To apply your changes to the Apache server, restart the Apache service by typing “/etc/init.d/apache2 restart” into the Terminal.

  1. To test the authentication, open Firefox and enter “http://localhost” into the URL bar.  A pop-up will appear prompting you to enter credentials.

  1. For User Name, enter “admin”, and for Password, enter “topsecret”.  Then, click OK to log in.
  2. If the Apache server and password file have been configured correctly, you will be brought to the localhost home page as shown below.

Page  of