|Description:||User authentication using text files|
|Compatibility:||Available in Apache 2.1 and later|
This module provides authentication front-ends such as
mod_auth_basic to authenticate users by looking up users in plain text password files. Similar functionality is provided by
mod_auth_digest, this module is invoked via the
AuthDigestProvider with the
|Description:||Sets the name of a text file containing the list of users and passwords for authentication|
AuthUserFile directive sets the name of a textual file containing the list of users and passwords for user authentication. File-path is the path to the user file. If it is not absolute, it is treated as relative to the
Each line of the user file contains a username followed by a colon, followed by the encrypted password. If the same user ID is defined multiple times,
mod_authn_file will use the first occurrence to verify the password.
The encrypted password format depends on which authentication frontend (e.g.
mod_auth_digest) is being used. See Password Formats for more information.
mod_auth_basic, use the utility
htpasswd which is installed as part of the binary distribution, or which can be found in
src/support. See the man page for more details. In short:
Create a password file
username as the initial ID. It will prompt for the password:
htpasswd -c Filename username
Add or modify
username2 in the password file
htpasswd Filename username2
Note that searching large text files is very inefficient;
AuthDBMUserFile should be used instead.
htdigest instead. Note that you cannot mix user data for Digest Authentication and Basic Authentication within the same file.
Make sure that the
AuthUserFile is stored outside the document tree of the web-server. Do not put it in the directory that it protects. Otherwise, clients may be able to download the
© 2018 The Apache Software Foundation
Licensed under the Apache License, Version 2.0.