Understanding .htaccess files

In order to make use of user authentication, you need to understand .htaccess files. Let's look at an example .htaccess file now.

	AuthUserFile /otherdir/.htpasswd
	AuthGroupFile /dev/null
	AuthName My Secret Stuff
	AuthType Basic

	require user buddy

You can already make a few guesses as to how this file works. The first line seems to be pointing to a password file in some other directory. The second line refers to using groups instead of individual users. Setting its value to /dev/null effectively disables this feature. You can ignore this line for now, as group authentication is beyond the scope of this tutorial. The third line indicates some kind of name. The fourth line refers to the type of authentication. This tutorial only deals with type Basic. The last line looks like it is requiring something from a certain user by the name of buddy.

Is it that simple?

Yes, it is! As you can see, .htaccess files are not very complicated. They are ordinary text files with only a few key terms that you need to learn. The reason the filename begins with a period is to hide it from the casual user. The filename is normally pronounced "dot h t access". The UNIX file system recognizes files which begin with a period as special and hides them from directory listings unless a special command is used. Even then, there are ways to protect this information. Those means are beyond the scope of this tutorial.

You may now proceed to either the tutorial on host restriction or the one on password-based restriction. In addition, there is a page of resources for some advanced uses of user authentication.

Justin R. Miller / justin@openup.com / 04.24.98