Wednesday, May 7, 2008

Configuring Basic Authentication on Apache

Although there are many different authentication methods available for web services, basic authentication is still the simplest and most common authentication method used. This post is target to give you a quick example on how to configure basic authentication on apache.

Create a password file

htpasswd is the command to create a password file, example:
htpasswd -c passwd panda
New password: mypassword
Re-type new password: mypassword
Adding password for user panda

The -c flag is used only when you are creating the file. You can omit the -c flag if you want to add more users to an already created password file.

You should store the file in a secure location. And you should set permissions on the file so that only the webserver can read the file and only root can write to it:

chown root.nogroup /etc/httpd/secret/passwd
chmod 640 /etc/httpd/secret/passwd

Configure httpd.conf

For more information, please refer to official apache doc:

1 comment:

Anonymous said...

sometimes basic auth is needed for compatibility, but one down side is that many browsers still have awkward handling, and seem to prefer form-based authentication for usual web page access