Faculty Web Home
Web Account Info
Apply for an Account
support / Support
Adding Special Features
Code Validators
FAQ
Getting Assistance
Other Campus Resources
Training
Policies / Guidelines
UNLV Images
Templates


Office of Information Technology


Password Protection


Demonstration | About Secure Directories | Instructions - PART 1 | Instructions - PART 2 | Instructions - PART 3 | Additional Information | Requesting Assistance

Demonstration

You can limit access to your web files by setting up a password-protected directory. Any files you wish to secure must then be placed within that directory.

To see how password protection works, try the following demonstration:

At the NAME prompt, type secret.

At the PASSWORD prompt, type word.

About Secure Directories

The file shown in the demonstration is located in a secure directory. Unless you know the correct login and password, you won't be able to access it. Please note that you cannot password protect individual files; instead, you must password protect a directory where you plan to save your sensitive files. To secure a directory, you must create two files: .htaccess and .htpasswd. Here are the files used to create this demo:

.htaccess
.htpasswd

Please continue on to the Instructions section for details on creating the .htaccess and .htpassword files.

In order to set up password protection on a directory, you'll need to have the following:

Instructions - PART 1

1. Create a new file and name it .htaccess.

(TIP: Don't forget the period in front of the name. Also, use a text editor such as NotePad, Simpletext, vi, or Pico to create the files. Word processing programs can add invisible characters to the code, causing the password protection program to fail.)

Place the following lines in the file:

AuthUserFile /export/home/xxxx/www/.htpasswd
AuthType Basic
AuthName 'Password-Protected Directory'

<LIMIT GET>
require valid-user
</LIMIT>

NOTES:
AuthUserFile: This is the FULL pathname to the .htpasswd file (which you will create in Step 2). To determine the path to the .htpasswd file you are about to create, do the following:

a. Using your Secure Shell application, log in and change into the directory you wish to secure.

b. At the prompt, type pwd. This will give you the full path to your directory.

AuthName: The AuthName is displayed when the password dialog box is presented to the user. It can say anything you like. Generally, it should be a short description of the directory the user is about to enter. If AuthName is not specified, the default "ByPassword" is used.

2. Save the .htaccess file in the directory you wish to secure.

3. Set the file permissions to 644 (chmod command).

Instructions - PART 2

1. Create the password file by typing the following command at the system prompt:

htpasswd -c /export/home/xxxx/www/.htpasswd username

TIP: The x's represent the full path to the .htpasswd file, and the -c option tells htpasswd to create a new password file.

2. Add additional users to the password file by typing the following command at the system prompt:

 htpasswd /export/home/xxxx/www/.htpasswd username

3. Set the file permissions to 644 (chmod command).

Instructions - PART 3

Test your secure page by trying to open it in your web browser. If you've set everything up correctly, you should get the login dialog box. If the page opens without asking for a password, check the following:

  • Is the content of your .htaccess file correct?
  • Is the path to the .htpasswd file correct in your .htaccess file?
  • Are the permissions set to 644 on .htaccess and .htpasswd?

Additional Information

For more information about password protection, please visit the Web:

Requesting Assistance

If you're having problems getting password protection to work, contact the Help Desk for assistance.

© 2006 University of Nevada, Las Vegas