This is an image that says University of Nevada, Las Vegas

Password Protection

You can limit access to your web files by setting up a password-protected directory. Any files you wish to secure must then be placed within that directory.

To see how password protection works, try the following demonstration. When prompted, enter the word secure for the name and word for the password.

At the NAME prompt, type secure.
At the PASSWORD prompt, type word.

About Secure Directories

The file shown in the demonstration is located in a secure directory. Unless you know the correct login and password, you won’t be able to access it. Please note that you cannot password protect individual files; instead, you must password protect a directory where you plan to save your sensitive files. To secure a directory, you must create two files: .htaccess and .htpasswd. Here are the files used to create this demo:

.htaccess
.htpasswd

Please continue on to the Instructions section for details on creating the .htaccess and .htpassword files. In order to set up password protection on a directory, you’ll need to have the following:

  • A shell account. You can apply for one by emailing this address: ithelp@unlv.edu with the subject line “Faculty Web Server Shell Access Request”
  • Experience using a secure shell application, such as Secure Shell SSH or JellyFSSH (see recommended software).
  • Familiarity with basic UNIX commands

  1. Create a new file and name it .htaccess.
    (TIP: Don’t forget the period in front of the name. Also, use a text editor such as NotePad, Simpletext, vi, or Pico to create the files. Word processing programs can add invisible characters to the code, causing the password protection program to fail.)
  2. Place the following lines in the file:
    AuthUserFile /export/home/xxxx/www/.htpasswd
    AuthType Basic
    AuthName ‘Password-Protected Directory’

    <LIMIT GET>
    require valid-user
    </LIMIT>

    NOTES: AuthUserFile: This is the FULL pathname to the .htpasswd file (which you will create in Part 2). To determine the path to the .htpasswd file you are about to create, do the following:
    a. Using your Secure Shell application, log in and change into the directory you wish to secure.
    b. At the prompt, type pwd. This will give you the full path to your directory.

    AuthName: The AuthName is displayed when the password dialog box is presented to the user. It can say anything you like. Generally, it should be a short description of the directory the user is about to enter. If AuthName is not specified, the default “ByPassword” is used.

  3. Save the .htaccess file in the directory you wish to secure.
  4. Set the file permissions to 644 (chmod command).

  1. Create the password file by typing the following command at the system prompt:
    htpasswd -c /export/home/xxxx/www/.htpasswd username
    ( TIP: The x’s represent the full path to the .htpasswd file, and the -c option tells htpasswd to create a new password file.)
  2. Add additional users to the password file by typing the following command at the system prompt:
    htpasswd /export/home/xxxx/www/.htpasswd username
  3. Set the file permissions to 644 (chmod command).

Test your secure page by trying to open it in your web browser. If you’ve set everything up correctly, you should get the login dialog box. If the page opens without asking for a password, check the following:

  • Is the content of your .htaccess file correct?
  • Is the path to the .htpasswd file correct in your .htaccess file?
  • Are the permissions set to 644 on .htaccess and .htpasswd?

Additional Information

For more information about password protection, please visit: