User Access and Authentication

User access and authentication schemes on some servers can be configured using the web host’s control panel. Using the controls offered by Webserve makes basic authentication a fairly simple matter once they turn off Front Page extensions. TextDrive is still developing TextPanel, so I am taking a wait and see approach before recommending TextDrive’s control panel (now using the quite ugly but very effective webmin).

To duplicate the same level of security for the Mac OS X web server, there is a great tutorial at O’Reilly’s macdevcenter.com. This is from a series of articles about Apache Web-Serving with Mac OS X by Kevin Hemenway, presently updated for Jaguar (though things are not much different for Panther or Tiger).

What the tutorial doesn’t cover is user groups stored in the .htgroup file. Poking around inside the webserve directories, I found the directory where the control panel is storing the .htpasswd and .htgroup files: /var/www/.htpasswd and /var/www/.htgroup.

A sample .htpasswd file:

username1:password
username2:password
username3:password

A sample .htgroup file:

groupname: username1 username2 username3

Now I can backup these files to my server and reproduce the same behaviour locally. In Mac OS X, these files can reside in the /Library/WebServer directory, being careful not to store them where the world could view them from the /Library/WebServer/Documents directory (depending on the firewall in place—mine being a router).

To protect a directory, create an .htaccess file in the directory with something like the following:

AuthName "Name of the realm being accessed"
AuthType Basic
AuthUserFile /Library/WebServer/.htpasswd
AuthGroupFile /Library/WebServer/.htgroup
Require valid-user

For more detailed information about other authentication methods, visit the Apache site to read about Authentication, Authorization, and Access Control. One note about .htaccess basic authentication (see Frequently asked questions about basic auth) is that there is no way to logout, except by quitting the browser.

comments | date posted posted Saturday July 23, 2005

The Builders Collective

The Builders Collective is about building community and building a repository of ideas, techniques and code for building a better world wide web.

Articles Archive > View Recent