Basic authentication is relatively simple in both principle and implementation. The client requests access to a directory or file that requires authentication. Apache replies with a request for a username and password (error 401). When the client returns this information, Apache checks it against a file containing a list of users and (ironically) encrypted passwords. If the username supplied is on the list, and the password matches, Apache grants the client access. Apache also supports groups, so you can group a list of names and allow or deny access to a group as a whole.

Username/password combinations are valid for a given realm (a named group of files or directories), which simply provides the administrator with a means to further granularize (or alternatively broaden) the scope of access.

Apache requires two elements for basic authentication: a username/password file, and the appropriate directives in httpd.conf. The example that follows begins with the creation and population of the password file.