Authentication of salespeople is managed by the password file users, stored in /usr/www/ok_users. This is safely above the document root, so that Bad Guys cannot get at it and mess with it. The file users is maintained using the Apache utility htpasswd . The source code for this utility is to be found in ... /apache_1.3.1/src/support/htpasswd.c, and we have to compile it with:
% make htpasswd
htpasswd now links, and we can set it to work. Since we don't know how it functions, the obvious thing is to prod it with:
% htpasswd -?
It responds that the correct usage is:
htpasswd [-c] passwordfile username The -c flag creates a new file
This seems perfectly reasonable behavior, so let's create a user bill with the password "theft" (in real life, you would never use so obvious a password for such a character as Bill of the notorious Butterthlies sales team, because it would be subject to a dictionary attack, but this is not real life):
% htpasswd -c ... /ok_users/sales bill
We are asked to type his password twice, and the job is done. If we look in the password file, there is something like the following:
Add subsequent users (the -c flag creates a new file, so we shouldn't use it after the first one):
% htpasswd ... /ok_users/sales ben
The password file ... /ok_users/users now ...