RE: How To Configure.htpasswd For Web Authentication

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

First you'll have to do one of the following.
1. Change the documentroot so your apache site can see the 'int' directory. Your current documentroot is too specify as is to encompass both.
or
2. Create a new virtualhost with a documentroot of /var/www/html/int/<whatever>. If your original vhost is ext.domain.com, maybe this one should be int.domain.com. And have the link to the intranet point to int.domain.com

I would do #2 personally

Then, create a directory block in your vhost that you want to lock down and specifically the proper auth config.
For a basic authentication lockdown, you might have:

<Directory /var/www/html/int/main>
                AllowOverride None
                Order allow,deny
                Allow from all
                AuthType Basic
                AuthName "Secure Intranet site"
                AuthUserFile "/var/www/htpasswd/.int-htpasswd"
                require valid-user
</Directory>

Then, create the /var/www/htpasswd directory
Then, create your .int-htpasswd file
	htpasswd -s -c /var/www/htpasswd/.int-htpasswd some-username-to-create
Enter the password to create for the username specified on the command line.

Fix unix ownership/permissions on the htpasswd dir/file so only the apache user/group can read from the dir and file.
I usually do chown root.apache on them and then chmod 750 the dir and chmod 640 the file, but YMMV
Reload apache.
Browse to your intranet site url.

-Tony
---------------------------
Manager, IT Operations
Format Dynamics, Inc.
303-573-1800x27
abiacco@xxxxxxxxxxxxxxxxxx
http://www.formatdynamics.com


-----Original Message-----
From: Carlos Williams [mailto:carloswill@xxxxxxxxx] 
Sent: Monday, February 23, 2009 10:41 AM
To: users@xxxxxxxxxxxxxxxx
Subject:  How To Configure.htpasswd For Web Authentication

I have Apache2 up and running on my web server. My main goal is to
have a link on my index.html that links to my company Intranet.
Obviously I don't want everyone to be able to publicly browse my
Intranet so I am looking for a authentication method. I was advised to
use .htpasswd on Apache however I really have no idea where to begin.

DocumentRoot /var/www/html/ext/main

You can see the file structure below:

[root@web ~]# cd /var/www/html/
[root@web html]# ls -l
total 16
drwxr-xr-x 3 root root 4096 Feb 10 14:19 ext
drwxr-xr-x 2 root root 4096 Feb 19 16:38 int

My question is how to I have an authentication process using .htpasswd
if someone wants to access anything inside /var/www/html/int/*?

I have never done this before so I apologise in advance.

--
Carlos Williams
Linux System Administrator

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux