Password-based restriction
If you are going to limit directories by password, you first need to create a password file for your users. To do this, you will need the htpasswd program which came with your server. To find out where this program is installed, type which htpasswd at a UNIX prompt. Once you know where it is located, you can use it like this:

    htpasswd -c .htpasswd buddy

You may need to type the pathname of the htpasswd program before its filename. The -c option tells the program to create a new file. The next term is that filename. The last term is the name of the user that you wish to add. The program will ask for a password for that user and then ask again for confirmation. If we were to follow the above step, we would get a .htpasswd file which looks something like this:

    buddy:y1ia3tjWkhCK2

The password has been encrypted and it is separated from the username by a colon. You could add another user by running the same command (leaving off the -c option because the file already exists) and naming a new user:

    htpasswd .htpasswd zippy

Enter the password twice as instructed. Now your .htpasswd file looks something like this:

    buddy:y1ia3tjWkhCK2
    zippy:hG8Rrcw1Pnfw6

You can continue this for additional users. All you have to do now is tell your server which users to let in by specifying them in the .htaccess file.
Specifying users in the .htaccess file
You need to specify two things: where the user and password file is located, and which users to allow. To specify the file:

    AuthUserFile /otherdir/.htpasswd

Put the .htpasswd file in a directory outside of the tree of the directory containing this .htaccess file. Then continue with the standard .htaccess file:

    AuthGroupFile /dev/null
    AuthName "My Secret Stuff"
    AuthType Basic

The only thing left after that is to specify the actual users. The syntax is fairly straightforward:

    require user buddy zippy

You can specify multiple users on the same line as shown above. When the server encounters a request for this directory, it will display a popup box asking for a name and password. If one of the above names is entered along with its correct password, the user will be allowed access. Otherwise, they get an error message. The whole .htaccess file:

    AuthUserFile /otherdir/.htpasswd
    AuthGroupFile /dev/null
    AuthName "My Secret Stuff"
    AuthType Basic
    require user buddy zippy

That's all there is to authentication by password! Now you can either look at the tutorial on authentication by host or the tutorial on combining host and password authentication. In addition, there is a page of resources for some advanced uses of user authentication.
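The check below is an added example, not part of the original tutorial. It reads a .htaccess file and its password file and reports the mistakes this setup invites: a password file kept inside the protected tree, a user named on the require line with no password entry, and 13-character crypt() hashes like the ones shown above, which only use the first 8 characters of a password. The function names and the protected directory path are assumptions made for the example.

```python
import posixpath
import re

def parse_htaccess(text):
    """Return (AuthUserFile path or None, users named on 'require user' lines)."""
    auth_file, users = None, []
    for line in text.splitlines():
        parts = line.split()
        if not parts or parts[0].startswith("#"):
            continue
        key = parts[0].lower()  # directive names are case-insensitive
        if key == "authuserfile" and len(parts) > 1:
            auth_file = parts[1]
        elif key == "require" and len(parts) > 2 and parts[1].lower() == "user":
            users.extend(parts[2:])
    return auth_file, users

def parse_htpasswd(text):
    """Return {username: stored hash} from 'user:hash' lines."""
    pairs = (l.strip().partition(":") for l in text.splitlines() if ":" in l)
    return {user: pw for user, _, pw in pairs}

def audit(protected_dir, htaccess_text, htpasswd_text):
    """List problems with a .htaccess/.htpasswd pair guarding protected_dir."""
    findings = []
    auth_file, users = parse_htaccess(htaccess_text)
    root = posixpath.normpath(protected_dir)
    if auth_file is None:
        findings.append("no AuthUserFile directive")
    elif not posixpath.isabs(auth_file):
        findings.append(f"AuthUserFile {auth_file} is relative; location not checked")
    elif posixpath.commonpath([root, posixpath.normpath(auth_file)]) == root:
        findings.append(f"{auth_file} is inside the protected tree {root}")
    entries = parse_htpasswd(htpasswd_text)
    for user in users:
        if user not in entries:
            findings.append(f"{user} is required but has no password entry")
        elif re.fullmatch(r"[./0-9A-Za-z]{13}", entries[user]):
            # 13 characters = traditional crypt(): only 8 password chars count
            findings.append(f"{user} has a legacy 13-character crypt() hash")
    return findings

# Constructed sample input, modelled on the files built in this tutorial.
HTACCESS = ("AuthUserFile /otherdir/.htpasswd\nAuthGroupFile /dev/null\n"
            "AuthName \"My Secret Stuff\"\nAuthType Basic\nrequire user buddy zippy\n")
HTPASSWD = "buddy:y1ia3tjWkhCK2\nzippy:hG8Rrcw1Pnfw6\n"
if __name__ == "__main__":
    for finding in audit("/home/buddy/public_html/secret", HTACCESS, HTPASSWD):
        print(finding)
```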
Justin R. Miller / justin@openup.com / 04.24.98