- Overview
- Installation & Uninstallation
- Local and remote management using IIS 7
- Context and processing order
- Apache compatibility
- Modules
- core functions
- mod_antibot
- mod_asis
- mod_auth_basic
- mod_auth_digest
- mod_authn_anon
- mod_authn_dbd
- mod_authn_default
- mod_authn_file
- mod_authz_default
- mod_authz_groupfile
- mod_authz_host
- mod_authz_user
- mod_cache
- mod_dbd
- mod_deflate
- mod_developer
- mod_dir
- mod_disk_cache
- mod_env
- mod_evasive
- mod_expires
- mod_filter
- mod_gzip
- mod_headers
- mod_hotlink
- mod_linkfreeze
- mod_log_config
- mod_logio
- mod_mem_cache
- mod_mime
- mod_proxy
- mod_replace
- mod_rewrite
- mod_seo
- mod_setenvif
- mod_so
- mod_speling
- mod_usertrack
- mod_xsendfile
- Articles
- Release history
- Troubleshooting
- License agreement
mod_authn_file
Overview
mod_authn_file module provides user authentication by searching their credentials in plain text file.
Quick start
Sample mod_auth_basic & mod_authn_file configuration in .htaccess
# Authentication type
AuthType Basic
# Name of area authentication will be used for (aka realm)
AuthName "secret area"
# Authentication provider. Here - mod_authn_file
AuthBasicProvider file
# Info for mod_authn_file - path to password file
AuthUserFile c:\inetpub\.htpasswds
# Access will be granted to all authenticated users
Require valid-userRelated articles and topics
- HTTP Authentication and Authorization
- Enabling site authentication not using Windows users
- mod_auth_digest
- mod_auth_digest
- mod_authn_dbd
- mod_authz_groupfile
- mod_authz_host
- mod_authz_user
Enviroment variables
| Name | Context | Description |
|---|---|---|
| enable_plaintext_passwords | S V D .h | Enables plain text passwords in password file; by default it is disabled |
Directives
| Name | Context | Description |
|---|---|---|
| AuthUserFile | S V D .h | sets the name of a text file containing the list of users and passwords for authentication |
AuthUserFile
AuthUserFile
directive specifies the name of a text file
containing the list of user-password pairs for user authentication.
File-path
is the path to the user file. If it is not absolute, it is treated as relative
to the current configuration file (
httpd.conf
or
.htaccess
).
Note!
You can put several
AuthUserFile
directives into the config file thus enabling Ape to load passwords from several files
that may be helpful for logical divison of users into groups
(not supported in Apache)
.
Syntax
AuthUserFile file-pathExample
AuthUserFile c:\inetpub\users\.htpasswds
AuthUserFile c:\inetpub\admins\.htpasswds
Each line of password file contains a username, colon and encrypted user password.
If the same username occurs several times,
mod_authn_file
will
verify the password against the first occurrence.
Passwords can be easily generated directly from the Helicon Ape Manager. Having opened
the Manager, create new file (
File -> New
) and go to
Options -> Insert user password...
;
you'll see the dialog allowing generation
of user passwords for Basic and Digest authentication.
To apply this module to, for example,
mod_auth_basic
or
mod_auth_digest
, it should
be defined in
AuthBasicProvider
or
AuthDigestProvider
respectively with
file
value.
That is the most usable authentication method as it is the simplest. Moreover, the password file may be edited manually. The shortcoming of this method is that it becomes very sluggish when the number of users grows up.
Security note! Don't locate passwords file inside the directory that it protects and inside web-server document tree. Otherwise, clients will have a chance to download it.