Apache Module mod_authn_file

Summary

This module provides authentication front-ends such asmod_auth_digest andmod_auth_basic to authenticate users by looking up users in plain text password files. Similar functionality is provided bymod_authn_dbm.

When usingmod_auth_basic ormod_auth_digest, this module is invoked via theAuthBasicProvider orAuthDigestProvider with thefile value.

Directives

• AuthUserFile

Bugfix checklist

• httpd changelog
• Known issues
• Report a bug

See also

• AuthBasicProvider
• AuthDigestProvider
• htpasswd
• htdigest
• Password Formats
• Comments

AuthUserFileDirective

TheAuthUserFile directive sets the name of a textual file containing the list of users and passwords for user authentication.File-path is the path to the user file. If it is not absolute, it is treated as relative to theServerRoot.

Each line of the user file contains a username followed by a colon, followed by the encrypted password. If the same user ID is defined multiple times,mod_authn_file will use the first occurrence to verify the password.

The encrypted password format depends on which authentication frontend (e.g.mod_auth_basic ormod_auth_digest) is being used. SeePassword Formats for more information.

Formod_auth_basic, use the utilityhtpasswd which is installed as part of the binary distribution, or which can be found insrc/support. See theman page for more details. In short:

Create a password fileFilename withusername as the initial ID. It will prompt for the password:

Add or modifyusername2 in the password fileFilename:

Note that searching large text files isvery inefficient;AuthDBMUserFile should be used instead.

Formod_auth_digest, usehtdigest instead. Note that you cannot mix user data for Digest Authentication and Basic Authentication within the same file.