Hamburger Helper by derk@sonic.net

Simple to use .htaccess Helper by derk@sonic.net

This is the fastest way I know to get .htaccess up and running on sonic. There are a lot of fancy configurations for .htaccess if you want to explore them you can find more info in the hoohoo docs. This program should be enough to get your first password protected directory with multiple users happening. I'm not an NCSA expert but I've been in the trenches for a while and I've done a lot of these for clients. So, if you follow all the directions here and enter the correct info you should have no problems, providing:
A)You follow the instructions to the letter.
B)You have a CGI directory at sonic.
C)You have a test directory set up to play in.
D)It doesn't rain

Ok, in a nutshell here's how .htaccess works:
A password box is created by the server because it is configured to spring into action when it encounters an .htaccess file in a web directory. Essentially, the .htaccess file tells the server where to find a file with name and passwords pairs. Then it compares what the person who is visiting your website types in the little password box to this file. If it can't find a match - it won't let the person in. The passwords are encrypted so if someone views the file they can't tell what the passwords are.
Here's a sample file with no encryption.

jedi:warrior
starwars:sellout

Here's the same file with encryption.

jedi:XXwMzWJGn5Hw.
starwars:XXDHN46LpUQ9k

The passwords have to be encrytped or the server goes - huh? But, more about this later. If your still confused - it's actually accomplished through magic. Or, it's God's will - whatever, it still works just fine if used correctly.

The .htaccess file
The .htaccess file contains the data the server needs to correctly run the program. You will need to create a file called ".htaccess" in the directory you want to password protect. The easiest way to do this is to use a simple text editor to make the file, and it will look something like the text below. However, you will have one written for you automatically in a few minutes.

AuthUserFile /usr/local/lib/httpd/cgi-bin/foo/passwords
AuthGroupFile /dev/null
AuthName Authorization Area Password Check
AuthType Basic
<limit GET>
require valid-user
</limit>

The main things you need to know about are:
The "AuthUserFile"
This is the file that will contain your name/password pairs. In this example the file is called passwords and it lives in:
/usr/local/lib/httpd/cgi-bin/foo/
On our system this should clue you into the fact that this directory belongs to the user "foo" at sonic.net, or foo@sonic.net. It's probably best right now to put the AuthUserFile or "passwords" file in your main cgi directory. Well, it's easier for us right now, but somebody is sure to let me know how wrong I am. To make sure the .htaccess file is correctly written please put your login name at sonic in the box below.
My login name is:

The "AuthName"
This tells the server/browser what to print in the little password box when somebody tries to access the directory.
Put what you would like your password box to say in the box below.
Remember you can say anything you want such as:
"My Access Controller" or "Calvin's Tree Fort - No gurlz"
But, keep it short and simple.

<limit GET>
require valid-user
</limit>
This stuff refers to the method the server should use to check for access. Of all the mumbo-jumbo associated with htaccess I like this setup best. One file controls/allows multiple users and protects a single directory. There is little confusion as to what the file is protecting. You can find other methods in the hoohoo docs.

Tales from the crypt
The NCSA .htaccess scenario utilizes the UNIX "crypt" function to scramble up your passwords. It's like throwing a cheese burger in a blender on "mulch" and whaddya know, if you didn't know it was a cheeseburger you'd probably think it was BBQ beef sandwich - Well, by using crypt the server ALWAYS knows thats the remains of a cheeseburger. Your password is associated with your username in your password file.
So, suppose you want to give a friend named "Sam" access with the password "Donaldson".
Well here's some suggestions: It's ok to use Sam as a username, but for clarity use "sam" all lowercase. Also if other people know you know Sam use another word Sam can easily remember like "toupee" and not his last name.
Ok we have a user named "sam" with a password "toupee"
Heres what that pair would look like in the AuthUserFile (passwords)

sam:XXSw2U8jG4stE

I've heard that really smart people can probably descramble the password- but they are most likely breaking into something much more important elsewhere. Like a bank.
At this point you may have some questions, so...
Q. So how do you encrypt the passwords?
A. Simple, put the names and passwords you want to use in boxes below and I'll encrypt them for you.
Q. But wait! You'll know my passwords!
A. This is free and I've proved I'm a nice guy by wasting my time doing this.
OK fine, here's a copy of the script - if you don't know why it's safe, ask Gabe!
So have we settled the issue? Good. Now enter up to 4 names/passwords below.

Name A Password A
Name B Password B
Name C Password C
Name D Password D

Next, you'll need to get the following applications fired up on your desktop:
1)Web Browser - Duh... :-P
2)An ASCII Text Editor - Like "Notepad" for people with decent computers. :-)
Ready? Lets do this thing!

Okie Dokie press the button slowpoke!