Warning: The Delorie Password Manager makes no claims as to the security of the passwords it manages or the data it protects. This system is to be used for light-weight purposes only! If you need true security, contact your local system administrator or webmaster and ask them to advise you.
For each directory tree that you want users to have to enter a user name and password for, you need a password control file, a password file, and an .htaccess file.
The password control file
You must create a file with a suffix of .pw that contains instructions for the Delorie Password Manager. When you point your browser at this file, the user managment page will be displayed. For example, if you used sample.pw you might store this URL in your bookmarks:
http://www.delorie.com/web/pwmgr/sample.pwThe control file contains the following lines:
The password file
If the password manager runs as a process that can write to your directories (your webmaster will know this), it will create the initial password file for you. Otherwise, you must create an empty file that will be used to maintain the list of users and their passwords. This file must be writable by the process that runs the password manager program.
[ ISPs: Fill in specific instructions here ]
If you have unix shell access to the directory, you may use ``chmod a+w .htpasswd'' to make the file world writable.
The .htaccess file
This file defines the type of access control you want. If you don't set it up right, you'll just get server errors (number 500). If you do set it up right, your browser will ask you for a username and password when you first try to view the protected pages.
The recommended contents of this file are as follows:
[ ISPs: Fill in specific path here ]
AuthUserFile /usr/web/html/web/pwmgr/.htpasswd AuthGroupFile /dev/null AuthName Sample Realm Name AuthType Basic <limit GET POST> require valid-user </limit>
You may replace "Sample Realm Name" with whatever name you want the user to see when they are asked for their user name.