The AuthUserFile directive sets the name of a textual file containing the list of users and passwords for user authentication. Filename is the path to the user file. If it is not absolute (i.e., if it doesn't begin with a slash), it is treated as relative to the ServerRoot.
Each line of the user file contains a username followed by a colon, followed by the crypt() encrypted password. The behavior of multiple occurrences of the same user is undefined.
The utility htpasswd, which is installed as part of the binary distribution, or which can be found in src/support, is used to maintain this password file. See the man page for more details. In short:
htpasswd -c Filename username
    Creates a password file 'Filename' with 'username' as the initial ID. It will prompt for the password.
htpasswd Filename username2
    Adds or modifies 'username2' in the password file 'Filename'.
Note that searching large text files is very inefficient; AuthDBMUserFile should be used instead.
Security: make sure that the AuthUserFile is stored outside the document tree of the web-server; do not put it in the directory that it protects. Otherwise, clients will be able to download the AuthUserFile.
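The following audit sketch is an added example, not part of the Apache distribution. It resolves an AuthUserFile value using the ServerRoot rule above, flags a file that lands inside the document tree, and reports duplicate users and lines that are not in username:hash form. The function names, paths and sample lines are assumptions made for illustration; the path check is lexical only and does not follow symlinks.

```python
import posixpath
from collections import Counter

def resolve_auth_user_file(server_root, filename):
    """A Filename without a leading slash is relative to ServerRoot."""
    if not filename.startswith("/"):
        filename = posixpath.join(server_root, filename)
    return posixpath.normpath(filename)  # also collapses "../" segments

def is_inside(path, directory):
    """True if path lies at or below directory (both absolute)."""
    directory = posixpath.normpath(directory)
    return path == directory or path.startswith(directory.rstrip("/") + "/")

def audit_user_file(lines):
    """Return (duplicate usernames, numbers of lines not shaped 'user:hash')."""
    names, malformed = Counter(), []
    for number, line in enumerate(lines, start=1):
        line = line.rstrip("\n")
        if not line:
            continue
        user, sep, hashed = line.partition(":")
        if not sep or not user or not hashed:
            malformed.append(number)
            continue
        names[user] += 1
    duplicates = sorted(u for u, n in names.items() if n > 1)
    return duplicates, malformed

def check(server_root, document_root, filename, lines):
    """Collect findings for one AuthUserFile setting and the file's contents."""
    findings = []
    path = resolve_auth_user_file(server_root, filename)
    if is_inside(path, document_root):
        findings.append(f"{path} is inside DocumentRoot {document_root}")
    duplicates, malformed = audit_user_file(lines)
    findings += [f"duplicate user: {u}" for u in duplicates]
    findings += [f"malformed line: {n}" for n in malformed]
    return findings

# Constructed sample data: paths and hash fields are placeholders.
SAMPLE_LINES = ["alice:HASH_PLACEHOLDER_1\n", "bob:HASH_PLACEHOLDER_2\n",
                "alice:HASH_PLACEHOLDER_3\n", "no-colon-here\n"]

if __name__ == "__main__":
    for finding in check("/usr/local/apache", "/usr/local/apache/htdocs",
                         "htdocs/private/.htpasswd", SAMPLE_LINES):
        print(finding)
```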
See also AuthName, AuthType and AuthGroupFile.