To the Brass Cannon Webboard
Established 1986
Kevin Martin - PO Box 82783 - Portland, OR 97282

This is a newsgroup posting I made in response to a request for help.... 

> Knowing abso-tively NOTHING about apache, how can I go about creating a
> page on our intranet which has the following characteristics:
>
> *- http://oursite.internal/~projects brings up an html page with a listing
> of projects;
>

The ~projects syntax refers to the public_html directory under a USER named
projects, i.e. /home/projects/public_html  -- might not be what you really
want.  Would make more sense to establish a docroot (in the httpd.conf file)
as something like /httpd and then create a subdirectory /httpd/projects, and
make the URI http://oursite.internal/projects

In Linux, "locate httpd.conf" is your friend.  Other platforms, grit your
teeth and use "find / -name httpd.conf"

> selecting one of the project links on that page requires authentication
> (I'm guessing using htpasswd, which I know essentially how to create...
> but confirmation would be nice).

Yep. To create the file, create your first entry "user1" (this is NOT a 
Unix account, just a made-up Apache username):

 htpasswd -c project.htpasswd user1

Prompts you for a password, enter it twice.  Hashes it and saves the result
into the (newly-created because of -c) "project.htpasswd" file.  This
assumes the project.htpasswd file goes in the same place as your httpd.conf;
the text I'm using assumes that is /usr/local/apache/conf -- yours could be
somewhere else.   If you rebuilt Apache, you can customize it when you run
.configure in the Apache src directory (which is something I would do in
your situation; the INSTALL file is just not that tough to get through.
Build a small script to run .configure for you and you'll have a
self-documented installation ).  Mine looks like this:

$ cat DO_CONFIG
./configure --prefix=/opt/apache \
--sysconfdir=/httpd/conf \
--enable-rule=SHARED_CORE \
--activate-module=src/modules/php4/libphp4.a \
--enable-module=most \
--enable-shared=max \
--htdocsdir=/httpd/htdocs \
--localstatedir=/var/lock/apache \
--logfiledir=/var/log/apache \
--cgidir=/httpd/cgi-bin \
--runtimedir=/var/lock/apache \
--proxycachedir=/var/lock/apache
# do not try to add both static and dynamic PHP!

For each additional user, repeat httpasswd BUT WITHOUT THE -c SWITCH.
(Sorry for shouting, but it's easy to miss).

Again, in httpd.conf, IF you follow my advice about the docroot, THEN add
lines:

 <Location /projects> # (the leading / actually refers to your docroot)
 AuthType Basic
 AuthUserFile /usr/local/apache/conf/project.htpasswd
 AuthGroupFile /usr/local/apache/conf/project.htgroup
 require group proj1 proj2  # See further comments* about this line
 </Location>

*OPTIONAL:  For a bit of extra flexibility, you can also create groups by
creating a plain text file project.htgroup which contains lines like this,
one per "group":

  proj1:user1,user2
  proj2:user2,user3,user4

These user#'s correspond to the users you created using htpasswd.  This way
you can have multiple "projects" and allow supervisors (e.g. user2) to see
all projects, while limiting some users (user1, user3, user4) to specific
projects, if that's necessary.  Take out the "AuthGroupFile" and "require
group" lines completely if you don't want this.

> then once the user is in, they can't really go into any of the other pages
> on the intranet, i.e., how do I tie the htpasswd in with that particular 
> page per user?

Much messier; you'd effectively have to use "<Location> deny" stanzas as the
default for the rest of the intranet.  Read the comments in your httpd.conf
working top to bottom, and you'll have as good a grasp of that as most of us
do.  You need to set up AuthType Basic for all locations to make that work;
usually people would leave the whole thing open and lock down just the
sensitive stuff such as the "projects" tree.