Controlling Web Page Access With HTAccess

from http://www.mcs.kent.edu/system/web_help/htaccess/introduction.html

Creating a .htpasswd file

The .htpasswd file contains all the valid usernames and encrypted passwords for the site. The full path to the .htpasswd file should be specified in the .htaccess file as the AuthUserFile.

It is important to note that the usernames and passwords are completely arbitrary -- there is absolutely no correspondence between the usernames and passwords used in your .htaccess file and the usernames and passwords of the same people on the system. For example, if your login name on aegis is jsmith, your username for the .htaccess file could also be jsmith, or it could be Jane. The important thing is to set up usernames that make sense for your site, and then to create passwords for those usernames.

The htpasswd command is used to create the username and password pairs. The full path for the command is /usr/local/apache/bin/htpasswd on most of our systems. Please note that the htpasswd command immediately encrypts every password before writing it to the .htpasswd file.

    To create the .htpasswd file, use the htpasswd command with the following format: htpasswd -c .htpasswd {username} This command will prompt you for a password for that user, and then will ask you to confirm that password. The password that you type will not be echoed onto the screen, and will be encrypted immediately.

    The output from the htpasswd command is a .htpasswd file with an entry with the form:

    {user}:{encrypted password} When adding additional users, use the htpasswd command without the -c option: htpasswd .htpasswd {username}
Example