Hi, first of all it's not a good idea to use your /etc directory for the user files, or to chmod anything to 777 that doesn't really need it. I suggest you try the following: Let's assume the directory you want to password-protect is at /home/apache/htdocs/mydomain.com/secure First you would create an .htaccess file like this:
cat>/home/apache/htdocs/mydomain.com/secure/.htaccess AuthName "G-ISAC Members Only" AuthType Basic AuthUserFile .htpasswd require valid-user make sure the file is world-readable: chmod 644 /home/apache/htdocs/mydomain.com/secure/.htaccess Now you create the users and passwords with the help of htpasswd, which is by default installed at /usr/local/apache/bin/htpasswd. Make sure you're in the /home/apache/htdocs/mydomain.com/secure directory, then do this (replace "username with a user's name"): /usr/local/apache/bin/htpasswd -c .htpasswd username htpasswd will ask you for a password, and create the file. Now you can add more users by doing /usr/local/apache/bin/htpasswd .htpasswd username2 Make sure this file is world readable as well: chmod 644 .htpasswd Now try to go to the protected directory, it should work. You may wonder why the .htpasswd file and the .htaccess files must be world readable. Well, they have to be in order for the webserver to access and check the usernames and passwords (so technically, it could also be owned by whatever user runs the webserver, and then be chmod to 600), but the configuration file of the apache webserver is by default denying any displaying of .htaccess files and .htpasswd files. Just try it, go to http://mydomain.com/secure/.htaccess, you will see displaying them won't work. Hope that helps :-) Chao, DrTebi -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php