You can control access to a particular directory on your web
server using a concept commonly termed "user authentication".
The "Basic" user-authentication allows you to restrict
access to users who can provide a valid username/password
pair. The User Authentication Manager provides you with a
web-based interface to set up password protected directories
and provides your clients with a web-based interface such
that they can change their passwords.
Before you install and use the
User Authentication Manager on your Virtual Private Servers, you should
make yourself familiar with the definitions and directives
that are associated with user authentication. See the NCSA
User Authentication Tutorial.
To install the User Authentication Manager on your Virtual Private Servers you need to connect to your Virtual Private Servers via Telnet
or SSH and run this command:|
% vinstall htaccess
In order to prevent anyone from accessing your User Authentication
Manager, yet still allowing yourself access with administrative
privileges, you need to add a |
to your web server's access configuration file. Specifically,
you need to append the following lines to your web server
configuration file (~/www/conf/httpd.conf).
AuthName "User Authentication Manager"
<Limit GET POST>
require user admin
This directive limits access
to the User Authentication Manager (which is installed in
your ~/www/cgi-bin/library/htaccess directory), allowing
only those clients that authenticate using the user name "admin".
The crypted password for the user "admin" is stored
in the ~/www/htpasswd/admin.passwd file (this password
file was installed as part of the archive you untarred during
installation). The admin password is initially set to "5e5ame".
You are strongly encouraged to change this password which
can be done by running these commands:
% htpasswd ~/usr/local/etc/httpd/htpasswd/admin.passwd admin
You will then be prompted for
a new password and asked to retype your new password.
If you want to allow users to
change passwords remotely (described below) you will also
need to be sure that the option
ExecCGI is added
to the htdocs
Directory definition. The htdocs
Directory definition is found in your web server
configuration file. In this file, locate the htdocs
definition.... it should look something like:
# This may also be "None", "All", or any combination of "Indexes",
# "Includes", or "FollowSymLinks"
Options Indexes FollowSymLinks Includes
ExecCGI (as shown below).
Options Indexes FollowSymLinks Includes ExecCGI
||Accessing the User Authentication Manager
You can access the User Authentication Manager on your Virtual Private Servers by typing the following URL into the web browser of
You will be prompted for a user
name and password before you can use the User Authentication
Manager. Use "admin" and the user name and the password
you selected during the configuration step above. After you
have authenticated, you will be prompted for either 1) a directory
that is currently password protected, or 2) a directory which
you would like to password protect. Enter the directory with
respect to your home directory, i.e. use "/www/htdocs/some/directory/"
instead of "/usr/home/LOGIN-NAME/www/htdocs/some/directory/".
If the directory previously
was configured for authentication, the User Authentication
Manager will display the contents of the .htaccess
file in this directory in a web-based form. You can then
add new users or groups, remove current users or groups,
change the password of current users, or change the composition
of current groups. You will also see that the
definition(s) are displayed in a web-based form.
If the directory you selected
was not previously password protected. The User Authentication
Manager will create a default .htaccess file in
that directory and then display it in a web-based form.
You can then add new users and new groups as you desire.
The User Authentication Manager
assumes that you have some basic knowledge about .htaccess
files. Should you find that you need more information about
specific features of the User Authentication Manager, you
should refer to the following URLs:
||Allowing Users to Change Passwords Remotely
Before a user can be provided with the capability of changing
his or her password using the User Authentication Manager,
you must first use the User Authentication Manager to view
or create a password protected directory. This is outlined
in the "Accessing your User Authentication Manager"
When you use the User Authentication
Manager to view or create the .htaccess in a directory,
a few changes are made to the file and directory contents.
One such change includes making a "shortcut" to
the User Authentication Manager in that directory. This "shortcut"
is not too different than that you would find on a Windows
95 or Macintosh desktop and does not impact your disk usage
in any significant way.
After you have accessed the directory
using the User Authentication Manager, you can now allow any
user to change his or her password via a web based form. The
user need simply access the User Authentication Manager "shortcut"
that is copied into the directory. For example, you might
add something like this to the web content in the protected
<a href="htaccess.pl">Change Your Password</a>
When your users access the User
Authentication Manager in the directory, the Manager will
display a form which allows the user to change their password.
Toll Free 1-866-GSP-4400 • 1-301-464-9363 • firstname.lastname@example.org
Copyright © 1994-2016 GSP Services, Inc.