Manual Reference Pages  - XSAUTH (5)


.xsauth - XS-httpd authentication data


     Password Entries
     LDAP Authentication
See Also


An .xsauth file informs the xs-httpd webserver which authenticated users should be granted read access to a directory-hierarchy. Only users mentioned in this file can view the available data.

This file is created with the xspasswd(1) utility. This can also be used to add more username and password combinations later. However this utility can not be used to remove users or to add special options: for this you will need to edit the file manually and remove the line that mentions the obsolete user entry.

The .xsauth file can be used in data directories (HtmlDir) as well as in cgi-bin script directories (PhExecDir). So there is no need to implement authentication support in CGI scripts.

If you want to disallow access through the web-interface completely, or you want to restrict access based on IP addresses, use a .noxs file instead.

    Password Entries

Normal password entries consist of a L’ (locked) or U’ (unlocked), indicating if the password entry may be modified through the web-interface, using the xschpass(1) CGI binary (which is no longer installed by default). This letter is immediately followed by the username, a colon and the encrypted version of the password. This is optionally followed by an additional colon and a hash value to be used for digest access authentication.

    LDAP Authentication

Previous versions allowed LDAP configuration options in .xsauth files as well. This is no longer supported. Use xsconf(5) in stead to configure LDAP authentication.


httpd(1), xspasswd(1), xsconf(5)

The project homepage:

June 12, 2002 XSAUTH (5) xs-httpd/3.5