" I would like to create a password-protected web page that prompts a user for a username and password before allowing access. How would I do this?"

What you are trying to do is called "user authentication". The best place to learn about user authentication is from the source. NCSA has a very easy to understand tutorial at http://hoohoo.ncsa.uiuc.edu/docs/tutorials/user.html.

You should be aware of one difference when using this on our Virtual Servers.-- when you set up your .htaccess files, you will specify the AuthUserFile or AuthGroupFile with respect to your home directory.

However, when you set up your .htaccess files with the htpasswd command you will need to prepend "/usr/home/LOGIN_NAME" to the directory specification.

For example, let's say you have a subdirectory "members" in your main htdocs area. You would like to restrict access to this directory. This can be done by first creating a ".htaccess" file in the "members" subdirectory such as the following:

  AuthUserFile /etc/.htpasswd
  AuthGroupFile /dev/null
  AuthName Member's Only Page
  AuthType Basic

  <Limit GET>
  require user samantha
  </Limit>

This ".htaccess" file will only allow one user, "samantha", to access the directory "members"- provided the correct password is given. The password is to be stored in the "/etc/.htpasswd" file (see the AuthUserFile declaration in the ".htaccess" file above).

To create the password file and add user "samantha" issue the following command:

  htpasswd -c /usr/home/[login]/etc/.htpasswd samantha

Note that the -c in the htpasswd command specifies to create the .htpasswd file. Creating the file will overwrite any previous password files. Therefore to add a password to an existing file issue the following command:

  htpasswd /usr/home/[login]/etc/.htpasswd samantha

To change the password of an existing user, issue the same command as if you were adding a user to an existing file (shown above). The program will prompt for a new password.

The htpasswd specification does not provide a means for removing a user from the password file. Our suggestion is to manually edit the ~/etc/.htpasswd file and delete the user's entry.

Please Note: To run the htpasswd command correctly, you will need to prepend the "/usr/home/[login]" path to the password file specification (substitute your login name for [login]). You do not need the "/usr/home/[login]" path in the ".htaccess" file.