mod_authn_file

Overview

mod_authn_file module provides user authentication by searching their credentials in plain text file.

Quick start

# Authentication type
AuthType Basic
# Name of area authentication will be used for (aka realm)
AuthName "secret area"

# Authentication provider. Here - mod_authn_file
AuthBasicProvider file
# Info for mod_authn_file - path to password file
AuthUserFile c:\inetpub\.htpasswds
# Access will be granted to all authenticated users
Require valid-user

Related articles and topics

• HTTP Authentication and Authorization
• Enabling site authentication not using Windows users
• mod_auth_digest
• mod_auth_digest
• mod_authn_dbd
• mod_authz_groupfile
• mod_authz_host
• mod_authz_user

Directives

AuthUserFile

AuthUserFile directive specifies the name of a text file containing the list of user-password pairs for user authentication. File-path is the path to the user file. If it is not absolute, it is treated as relative to the current configuration file (httpd.conf or .htaccess).

Syntax

AuthUserFile file-path

Example

AuthUserFile c:\inetpub\users\.htpasswds

Each line of password file contains a username, colon and encrypted user password. If the same username occurs several times, mod_authn_file will verify the password against the first occurrence.

Passwords can be easily generated directly from the Helicon Ape Manager. Having opened the Manager, create new file (File -> New) and go to Options -> Insert user password...; you'll see the dialog allowing generation of user passwords for Basic and Digest authentication.

To apply this module to, for example, mod_auth_basic or mod_auth_digest, it should be defined in AuthBasicProvider or AuthDigestProvider respectively with file value.

That is the most usable authentication method as it is the simplest. Moreover, the password file may be edited manually. The shortcoming of this method is that it becomes very sluggish when the number of users grows up.

Security note! Don't locate passwords file inside the directory that it protects and inside web-server document tree. Otherwise, clients will have a chance to download it.