Basic Authentication with Apache 2

To enable basic authentication with Apache 2:

  1. Create a set of credentials for the user, using htpasswd. The syntax is:

    htpasswd /path/to/htpasswd/file username

    If the htpasswd file does not exist yet, pass the additional option -c to create it. For example:

    htpasswd /etc/httpd/htpasswd marios
  2. Enter the user password twice. This will create an entry in that file, with a set of credentials, e.g:

    [marios@centos6 ~]$ grep marios /etc/httpd/htpasswd 
  3. Basic authentication can be applied to a directory on the web server and its subdirectories with the Directory Apache directive, or to a URL and whatever follows it, with the Location directove. To apply it to a directory, add to your Apache configuration something like:

    <Directory /var/www/html/protected>
        AuthName "Protected"
        AuthType Basic
        AuthUserFile /etc/httpd/htpasswd
        Require user marios

    If you have multiple users, you can specify Require valid-user, in which case all users with credentials in the AuthUserFile will be allowed to login.

Optionally, you can further secure that specific directory or location with an AllowFrom directive, and restrict the ranges of IP addresses from which the directory or location will be accessible.

Basic Authentication Against Active Directory

To authenticate and authorize users against Active Directory, you will need to create an Active Directory user that will be used to bind to AD. In the following example, the user is apache_authentication_user and its password is apache_authentication_password.

AuthType Basic
AuthName "Authorized Users Only"
AuthBasicProvider ldap
AuthzLDAPAuthoritative on
AuthLDAPBindDN "CN=apache_authentication_user,OU=system_accounts,DC=example,DC=com"
AuthLDAPBindPassword apache_authentication_password
AuthLDAPGroupAttributeIsDN on
AuthLDAPURL "ldap://,DC=example,DC=com?sAMAccountName?sub?(objectClass=*)"
<Limit GET POST>
    require ldap-group CN=sysadmins,OU=GROUPS,DC=example,DC=com
    require ldap-group CN=finance,OU=GROUPS,DC=example,DC=com

See Also

Posted on