Basic Authentication with Apache / Page 2 | WebReference

Basic Authentication with Apache / Page 2


Basic Authentication with Apache [con't]

Allowing Specific Users

The configuration shown above will allow all users from the password file through to this section of the website. You can optionally select specific users from the password file that you want to grant admission to. Say you want to only grant access to the user calvin, modify the configuration Require parameter to the following:

Remember to restart Apache after making any changes to the configuration file.

Using Groups

Much of the time, you will want to allow a small number of users access to protected sections of a website. However, there might be a scenario wherein you need to manage a large number of users. In such a case, it might make sense to create groups of users and grant access to the group rather than to individual users. To set this up you need to create a group file, like the password file you created earlier, which will contain the information mapping users to groups. Again, there is no standard location or file name for the group file. Create the group file /etc/httpauth_groups and enter the following content into it:

Now modify the Apache configuration you made earlier and change the AuthGroupFile and Require sections to look something like this:

The changes that have gone in are to AuthGroupFile which was changed from /dev/null to the group definition file, /etc/httpauth_groups, and to the Require section where we have entered the group name, team, instead of valid-user.


Setting up a basic user authentication system with Apache is a good way to protect small projects. However, it is by no means a robust and highly secure user authentication system. Apache supports a number of third party user authentication systems, which offer far more robustness and security, such as LDAP, Kerberos, and Active Directory. On the upside the basic authentication system is quick and easy to setup, does not require any installation as everything it needs ships with Apache, and it's reasonably flexible to use.

Original: April 30, 2009