Configuring .htaccess for Password Authentication

 index
Simple Auth Group Auth Password Management Group Management

.htaccess: Simple Any-User Authentication

AuthUserFile /usr/local/htpasswd/.htpasswd
AuthGroupFile /dev/null
AuthName "Please enter password"
AuthType Basic

<Limit GET POST>
require valid-user
</Limit>

.htaccess: Specific User or Group Authentication

AuthUserFile /usr/local/htpasswd/.htpasswd
AuthGroupFile /usr/local/htpasswd/.htgroup
AuthName "Please enter password"
AuthType Basic

<Limit GET POST>
require user joe sally bob
require group admins
</Limit>

.htpasswd User Password Management

While it's possible to create the .htpasswd file manually, it's usually much more convenient to manage passwords through the shell via the htpasswd command. Syntax is as follows:
  1. cd to the directory in which the .htpasswd file should exist
  2. type htpasswd -c .htpasswd username. This will create the new .htpasswd file and add the first username into it. It will then ask you for the password for that username.
  3. Add subsequent entries by typing htpasswd .htpasswd username.
  4. Your .htpasswd file will looks something like this: 
    user:$1$VqLTB/..$w1WS3OUqXwOr42xTHR31e1
user2:$1$zf1Wo/..$SRY1LpMqYVCsndxlLD1Hz/
An alternate method for adding new users to the .htpasswd file is to copy the username and encrypted password directly from the /etc/passwd or shadow file into the .htpasswd file. This is useful if the user would like to use their existing shell or FTP password for web authentication as well.

.htgroup User Group Management

The format for the .htgroup file is as follows: 
    # Example .htgroup file
group1:user1,user2,user3
group2:user2
The .htgroup file is always edited manually.