Re: [cobalt-users] Arkeia

["Steven Werby" <steven-lists@xxxxxxxxxxxx>]

Florian Effenberger <florian.effenberger@xxxxxxxxxxxxx> wrote:
> First, you have to create the password. A possibility is to login via
> telnet and then enter
>
> perl -e "print crypt('password', 'CB')"
>
> For password, enter your password (NOTE: only the first 8 characters
> are being used) and for CB enter any two characters, they are used for
> the encryption scheme.
>
> Then create a .htaccess file in the directory you want as follows:
>
> =====
> order allow,deny
> allow from all
> require valid-user
> authname "Name Of Site As Shown In The Browser Password Window"
> authpam_enabled off
> authtype basic
> authuserfile /home/sites/www.mysite.com/users/myuser/web/.htuser
> <filesmatch "^\.ht">
> deny from all
> </filesmatch>
> =====
>
> In the file .htuser, make the following entry/entries:
>
> ====
> username:encrypted_password
> ====
Florian, I suppose all of that will work, but using the program "htpasswd"
which is already pre-installed on the RaQs, you can avoid the perl command
and manually creating the .htuser file entries.  "man htpasswd" for more
info. or search the archives or web.  Also, even though you use <filesmatch>
to prevent access to .htuser, it's still a good idea to store any password
files outside of the web tree.  If something happens with your Apache
configuration, you don't want to accidentally allow access to your password
file.  Sure the passwords are encrypted, but decrytping them is rather
trivial if one has access to numerous software packages and the time and
interest to do so.

Steven Werby {steven-lists@xxxxxxxxxxxx}