mod_authn_file

mod_authn_file overview

The mod_authn_file module provides user authentication by looking up user credentials in a plain text file.

To use this module with, for example, mod_auth_basic or mod_auth_digest, specify the value file in AuthBasicProvider or AuthDigestProvider respectively.

mod_authn_file directives

AuthUserFile

Description: Sets the name of a text file containing the list of users and passwords for authentication
Syntax: AuthUserFile file-path
Context: directory, .htaccess
Module: mod_authn_file

The AuthUserFile directive specifies the name of a text file containing the list of user-password pairs for user authentication. File-path is the path to the user file. If it is not absolute, it is treated as relative to the ServerRoot.

Each line of the password file contains a username, a colon and the encrypted user password. If the same username occurs several times, mod_authn_file will verify the password against the first occurrence.

The password file may be created manually or with the help of the htpasswd utility. The command:

htpasswd -c /path/to/passwdfile user1

will prompt you to enter the password for user1 and will create the password file at the specified location. The file will contain the following info:

user1:$apr1$9Y3.....$4fT.9GPTLwu4zwNTJ9HoE0

By default the htpasswd utility encrypts passwords using the MD5 algorithm; optionally it may use SHA1 or none.

When using mod_auth_basic, this module is invoked via the AuthBasicProvider directive with the file value.

This is the most usable authentication method, as it is the simplest. Moreover, the password file may be edited manually. The shortcoming of this method is that it becomes very sluggish as the number of users grows.

Security note! Don't place the AuthUserFile inside the directory that it protects or anywhere inside the web server's document tree. Otherwise, clients may be able to download the AuthUserFile.
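
An added example, not part of the original page or of Apache's own code: a Python sketch that audits a password file for two points made above, later duplicate usernames that mod_authn_file never consults and an AuthUserFile path that resolves inside a served or protected tree. The sample entries, paths and function names are constructed for illustration; the {SHA} prefix is the format htpasswd writes for SHA1.

```python
import posixpath

# Constructed sample file: alice appears twice, bob uses SHA1, carol is unhashed.
SAMPLE = """\
alice:$apr1$CONSTRUCT$0000000000000000000000
bob:{SHA}AAAAAAAAAAAAAAAAAAAAAAAAAAA=
alice:$apr1$OTHERSALT$1111111111111111111111
carol:letmein
"""

def scheme(field):
    """Classify the stored password field by its htpasswd prefix."""
    if field.startswith("$apr1$"):
        return "md5"    # salted MD5 variant, the htpasswd default named on the page
    if field.startswith("{SHA}"):
        return "sha1"   # unsalted SHA1
    return "other"      # plain text, or a scheme this sketch does not recognise

def audit_entries(text):
    """Return (effective, shadowed); only the first entry per username is used."""
    effective, shadowed = {}, []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue  # skip blank, comment and malformed lines
        user, field = line.split(":", 1)
        if user in effective:
            shadowed.append((lineno, user))  # never checked by mod_authn_file
        else:
            effective[user] = scheme(field)
    return effective, shadowed

def resolve(file_path, server_root):
    """A relative AuthUserFile path is taken relative to ServerRoot."""
    return posixpath.normpath(posixpath.join(server_root, file_path))

def inside_tree(file_path, server_root, tree):
    """True if the resolved AuthUserFile lies under tree (document root or
    the protected directory). Assumes absolute roots; symlinks are not followed."""
    full = resolve(file_path, server_root)
    root = posixpath.normpath(tree)
    return posixpath.commonpath([full, root]) == root

if __name__ == "__main__":
    users, dupes = audit_entries(SAMPLE)
    print("effective entries:", users)
    print("shadowed entries (line, user):", dupes)
    print("inside document tree:", inside_tree(
        "htdocs/private/.htpasswd", "/usr/local/apache2", "/usr/local/apache2/htdocs"))
```

Run it against the configured AuthUserFile value together with both the document root and the protected directory; a shadowed entry usually means a password change was appended instead of replacing the existing line.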