You are responsible for setting up password protection for your web site. The following are detailed instructions on how to do this. (replace N in all commands below with your group number 1,2,...) Instructions on how to remove password protection ------------------------------------------------- If there is password protection for your site left over from a previous class (you know there is if you are asked for a password when you point your browser to your group's web site, http://www.cs.dal.ca/~ecmmN ), you can remove it as follows. 1. Telnet to borg.cs.dal.ca 2. Login to borg using your login name (ecmmN) and password 3. cd public_html 4. rm .htaccess .htpasswd Installing password protection as described below will automatically delete any leftover password protection. Instructions on how to password protect your web page ------------------------------------------------------- 1. Telnet to borg.cs.dal.ca 2. Create password protection for your web site using commands a-f: (you can cut these commands from your browser and paste them into telnet to save typing. Use the delete key in telnet to edit your commands). a. cd public_html b. cp ~igip/www/passfiles/htaccessN .htaccess c. cp ~igip/www/passfiles/htpasswd .htpasswd d. /opt/apache/bin/htpasswd .htpasswd ecmmN e. chmod go+rx .htaccess f. chmod go+rx .htpasswd The "htpasswd" command (d) will ask you for a password that protects your web pages for user ecmmN. You can supply the same or a different password from the one you chose in step 3. Using a different password is recommended for better security. The default htpasswd file copied from the igip account (c) already contains user inst and its password. Executing the "htpasswd" command (d) will add user ecmmN with your specified password. 3. Check that files .htaccess and .htpasswd have the right form after reading the following explanation. Syntactically incorrect files will prevent everyone from accessing the web sites. EXPLANATION password protection involves the installation of two files in your public_html directory, ".htaccess" and ".htpasswd". Both file names start with a . for a reason too obscure to mention here. ".htaccess" contains information about the user names allowed to access this web site, and about the location of the password file. ".htaccess" does not contain the passwords. ".htpasswd" contains a list of user names allowed and the associated passwords in encrypted form. The "cp" command copies the .htaccess file already created for you into the right place. The htpasswd command adds to the default password file (containing the inst user and a password, for use by the instructors), user ecmmN and your own password. Typical .htaccess and .htpasswd files are shown below %%%%%%%%%%% .htaccess File %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% AuthUserFile /users/cs/ecmm1/public_html/.htpasswd AuthGroupFile /dev/null AuthName "ecmm1" AuthType Basic require user inst require user ecmm1 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% %%%%%%%%%%% .htpasswd %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% inst:XNoRKkAlskb2. ecmm1:sdlwerxller %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% TO PASSWORD PROTECT A WEB PAGE FROM SCRATCH 1. copy the above .htaccess file to the directory to be protected 2. fix the pathname of AuthUserFile 3. put a suitable message for AuthName 4. edit/add one such line for each userid require user xxx 5. run for each userid /opt/apache/bin/htpasswd .htpasswd xxx to add the password