CSUN  Wordmark
Page Description

The following page is a three column layout with a header that contains a quicklinks jump menu and the search CSUN function. Page sections are identified with headers. The footer contains update, contact and emergency information.

Online Instruction >>SOFTWARE >> Advanced Access

Password Protection and Guidelines

Follow the steps below to create a publicly accessible web folder on the CSUN server. Once you have created the web directory, you may create separate folders for each section of your web site that you want to protect with a password.
Connect to your web account
Open your Internet Explorer web browser (not Netscape) and connect to your account with this special address:
     ftp://username@csun1.csun.edu
Replace the username (bold orange text) with your CSUN username. As you connect, you will be prompted for your CSUN password.
Once you connect you will see icons for files and folders in your web account, although there may not be any there initially.
Create a public web folder

  1. Make a new folder in your web account called public_html if you do not have one with this name already (if you already have one, skip the rest of this section); to make a new folder, right click on the folders area, choose New, then choose Folder, and enter its name as public_html in all lowercase letters.
  2. Right click on this new folder and choose Properties; check all boxes in the Read and Execute columms, but only the Owner box in the Write column (it's possible that all the boxes will already be checked correctly).

Create the web folder you want to protect

  1. Make a new folder to protect; to make a new folder, right click on the folders area, choose New, then choose Folder, and enter its name (usually best to have in all lowercase letters).
  2. Right click on this new folder and choose Properties; check all boxes in the Read and Execute columms, but only the Owner box in the Write column (it's possible that all the boxes will already be checked correctly).
  3. Double-click on the new folder to open it, and leave your web browser window open.

Choose your protection method
You now have to decide how you want to protect your web site folders. You may choose differently for each folder that you create on your web site, but note that if you have a folder called private that uses one method, and a folder within it called john, that any restriction applied to private will also apply to john. In other words, restrictions on higher folders apply to lower ones, but not vice-versa.


Feature

Method A: LDAP

Method B: .htpasswd

What username / password is used?

Each person uses his/her own CSUN e-mail address and password

You choose a user name and password that everyone uses

Are there security concerns?

Not likely, because people are very unlikely to give out their own passwords

Posibly, because people can tell others how to access the site with the common user name and password

What about convenience?

Very convenient, because people don't easily forget their own e-mail addresses and passwords

Often inconvenient, because people will forget the user name and password that you make up

Are there limitations?

Yes, limited to CSUN community at this time, with no subgrouping yet; i.e., access cannot be limited to just students in one particular class, but can be limited to a list of individuals if desired

No, can be accessed by anyone from anywhere if they know user name / password combination

Which is easier to set up and change?

Very easy to set up and change

More challenging to set up and change

Which does CSUN recommend?

LDAP allows each person to access appropriate resources based on various criteria and is the preferred solution

The less-secure .htpasswd system is allowed because people not affiliated with CSUN may need access to private material on a web site

Create the .htaccess file
Whichever method you choose, you now need to create a small text file called .htaccess that you will place in each folder that you want to protect with a password. In many cases the .htaccess files will be the same but you may want to modify them for different people or groups.
To create the necessary text file, launch a text editor or word processor on your computer and open a new blank file with it. The text editor can be Word, SimpleText, Notepad, WordPad, WordPerfect, etc.
Once you have the new blank text file open, copy and paste one of the following chunks of bold text, depending on which method you chose to protect your folder:


Method A: LDAP

Method B: .htpasswd

AuthLDAPUrl ldap://ldap.csun.edu/o=csun?maillocaladdress
AuthName "Enter CSUN e-mail address for User Name"
AuthType Basic

Require valid-user




Alternatively...
If you want to limit folder access to individual CSUN members, you may use this format instead of the one above:
AuthLDAPUrl ldap://ldap.csun.edu/o=csun?maillocaladdress
AuthName "Enter CSUN e-mail address for User Name"
AuthType Basic

Require dn uid=
userid1,ou=People,ou=Auth,o=CSUN
Require dn uid=
userid2,ou=People,ou=Auth,o=CSUN
Require dn uid=
userid3,ou=People,ou=Auth,o=CSUN
In such cases, use one line of this type for each person, and change the userid (bold orange text) to the person's CSUN user ID (often something like hcrg012 -- not the e-mail address, although often the CSUN user ID is used in the first part of a CSUN e-mail address).

AuthUserFile /homedir/.htpasswd
AuthGroupFile /dev/null
AuthName "Access to this folder is restricted"
AuthType Basic

Require valid-user



You must replace the homedir (bold orange text) in this example with your home directory.
Your home directory can be found by following the steps below.

  1. Connect to csun1.csun.edu with SSH and log in with your user name and password
  2. Type pwd
  3. Look at the response and determine your home directory, which is the part in the colored area above.

While you're logged in...
You must set the password for the new folder according to the steps below. Be sure to change the group (bold orange text) to something that everyone's going to remember, like "art101" for an art class, for example. The password that you choose will also be made known to everyone. Both the group and the password are case-sensitive.

  1. Type htpasswd -c .htpasswd group
  2. Enter the new password (it will not appear on the screen)
  3. Re-enter the new password (also will not appear)
  4. Type chmod 644 .htpasswd

One last thing...
Change to the folder you want to protect -- this should contain the file called .htaccess. Once in that folder, type chmod 644 .htaccess

Save the .htaccess file and upload it to your web site
After you copy one set of the bold lines above into your blank text file, save the text file as "text only" and give it the name .htaccess on your computer's desktop.
Once you have the file saved on your computer, drag its icon onto the open web browser window. This should result in a copy of the new .htaccess file appearing in the web folder that you want to protect.
Test your password protection
Use any web browser to connect to your web site (either the main page or any other that you want to test). If the protection system is working correctly and you are trying to access a folder that has an .htaccess file in it then you should see a prompt requesting a user name and password.
The prompt will expect a CSUN e-mail address and corresponding personal password if you used Method A (LDAP). If you used Method B (.htpasswd) then it will expect the group and password that you made up.
What you see after you get past the protection depends on what's in your web site. If you have a web page there, you will see it. If you have no web pages in the folder, you will see a blank directory instead. If you don't get past the protection successfully then you will see a message to that effect and access will be denied.
Deleting passwords
To remove password protections, simply delete the .htaccess file (and .htpasswd file if using Method B).
Changing passwords
With Method A, each person controls his/her own password so there's nothing to change on your part. If that person's affiliation with CSUN lapses, such as when a student graduates and loses computing privileges, access will no longer be granted.
For Method B, the .htpasswd file can be edited. Note that the group (orange text) is the group name whose password you're changing.

  1. Connect to csun1.csun.edu with SSH and log in with your user name and password
  2. Type htpasswd .htpasswd group
  3. Enter the new password (it will not appear on the screen)
  4. Re-enter the new password (also will not appear)

One last note
A web-based system for setting password protection on your web site is also available. When connecting, enter your CSUN ID (such as xyz12345) and corresponding password.

Revised September 24, 2004, by Ken Stuart (kps1@csun.edu).