Modules | Directives | FAQ | Glossary | Sitemap

Apache HTTP Server Version 2.0

<-
Apache > HTTP Server > Documentation > Version 2.0 > Modules

Apache Module mod_authn_file

Description: User authentication using text files
Status: Base
Module Identifier: authn_file_module
Source File: mod_authn_file.c
Compatibility: Available in Apache 2.0.44 and later

Summary

This module provides authentication front-ends such as mod_auth_digest and mod_auth_basic to authenticate users by looking up users in plain text password files. Similar functionality is provided by mod_authn_dbm.

When using mod_auth_basic or mod_auth_digest, this module is invoked via the AuthBasicProvider or AuthDigestProvider with the 'file' value.

Directives

See also

top

AuthUserFile Directive

Description: Sets the name of a text file containing the list of users and passwords for authentication
Syntax: AuthUserFile file-path
Context: directory, .htaccess
Override: AuthConfig
Status: Base
Module: mod_authn_file

The AuthUserFile directive sets the name of a textual file containing the list of users and passwords for user authentication. File-path is the path to the user file. If it is not absolute (i.e., if it doesn't begin with a slash), it is treated as relative to the ServerRoot.

Each line of the user file contains a username followed by a colon, followed by the crypt() encrypted password. The behavior of multiple occurrences of the same user is undefined.

The utility htpasswd which is installed as part of the binary distribution, or which can be found in src/support, is used to maintain this password file. See the man page for more details. In short:

Create a password file 'Filename' with 'username' as the initial ID. It will prompt for the password:

htpasswd -c Filename username

Add or modify 'username2' in the password file 'Filename':

htpasswd Filename username2

Note that searching large text files is very inefficient; AuthDBMUserFile should be used instead.

Security

Make sure that the AuthUserFile is stored outside the document tree of the web-server; do not put it in the directory that it protects. Otherwise, clients will be able to download the AuthUserFile.