When one uses Auth Basic it says -
"The directives above only let one person (specifically someone with a username of rbowen) into the directory. In most cases, you'll want to let more than one person in. This is where the AuthGroupFile comes in."
1. I understand that the directory is protected with a userid of rbowen, and a password, and that if one does not set up a group file then only that userid and password can log in.
It does not say if this userid/password can be used at the same time, by multiple people to login to the directory during the same time period? (That is, the directory is protected - and everyone is using the same userid/password & people don't have individual logins.) Is this true?
OR, another possibility - if person A is logged in with rbowen, then no-one else can login with rbowen until the Person A logs out?
Which one is true?
thnx
deb
If I go forward, as stated in the Apache documentation and set up a group file ---
1. for 300 persons that I want to give the following ability to: click on emailed URLs so that they can view documents residing in the directory that I have protected with my .htaccess file.
2. I would set it up (I have to go back and look at the Apache auth doc) - but I think it would be with a userid / passwd, individually for all the people, rather than all of them using the rbowen login credential.
3. Can I assume based on how you mentioned 'login credential' that each person becomes 'authorized' via being able to enter their userid and passwd - to view the file, copy it off, print it (whatever).
3. However, since these people never went through an 'authentication' procedure, such as a 'login' to the unix side, they are not 'unique'.
That is, even with a group file containing credentials for 300 persons, there can still be 2 Deb's authorized at the same time to view the file. (Just like there could have been multiple 'rbowen's viewing the file.)
thanx again.
Deb
If one set up a group file for let's say 300 potential users - these users don't reside in the unix passwd file - because they don't interact with the machine in that fashion. I want to
Are you saying something like - Deb tries to view the file - gets authorized via Apache - then I get a cookie - therefore I can become a unique Deb?
Did that make sense?
A cookie based system would require some coding outside of Apache with some server side scripting like PHP or Python.
There is nothing wrong with a basic auth system, it is just when you have several users it is easier to manage and track all the activity of a logged in user if you use cookies.
Basically it would go like this....
Deb goes to an HTML login page, after a correct login your login method would set a cookie with a unique username. Then Deb requests a file from a private directory only accessible by a PHP/Python method. That method checks for the cookie and verifies the cookie, then fetches the file. So Deb would never actually get access to that directory, but a method with access to that directory can serve the files.
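
The flow described in the post above, sketched in Python as an added example that is not part of the original thread: the cookie is signed so the server can verify it was not edited, and the file fetch refuses paths that resolve outside the private directory. The cookie layout, the HMAC-SHA256 signing, `SECRET`, `MAX_AGE` and all function names are assumptions made for illustration.

```python
import hashlib, hmac, os, tempfile, time
from pathlib import Path

SECRET = os.urandom(32)   # assumption: server-side key, never sent to the client
MAX_AGE = 3600            # assumption: cookie lifetime in seconds

def _mac(payload):
    return hmac.new(SECRET, payload.encode(), hashlib.sha256).hexdigest()

def make_cookie(username, now=None):
    """Called after a correct login: returns 'username|issued_at|mac'."""
    if "|" in username:
        raise ValueError("separator not allowed in username")
    payload = f"{username}|{int(time.time() if now is None else now)}"
    return f"{payload}|{_mac(payload)}"

def verify_cookie(cookie, now=None):
    """Return the username if the cookie is authentic and not expired, else None."""
    try:
        username, issued, mac = cookie.split("|")
        age = (time.time() if now is None else now) - int(issued)
    except ValueError:
        return None
    good = hmac.compare_digest(mac.encode(), _mac(f"{username}|{issued}").encode())
    return username if good and 0 <= age <= MAX_AGE else None

def fetch_private(cookie, name, private_dir, now=None):
    """Return (username, file bytes) for a verified user, else None."""
    user = verify_cookie(cookie, now)
    if user is None:
        return None
    root = Path(private_dir).resolve()
    target = (root / name).resolve()
    # Refuse anything that resolves outside the private directory (e.g. "../x").
    if root not in target.parents or not target.is_file():
        return None
    return user, target.read_bytes()

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:          # constructed sample data
        Path(d, "report.txt").write_text("members only")
        cookie = make_cookie("deb")
        print(fetch_private(cookie, "report.txt", d))        # served, tagged "deb"
        print(fetch_private(cookie + "0", "report.txt", d))  # tampered cookie: None
```

Because every served file comes back tagged with the verified username, each download can be logged per user, which is the tracking advantage the post mentions.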