need setup help

"Enable access control on your your drupal directory and subdirectories."

This can take many forms from the mod_auth_kerb module to the ldap_auth module for apache.

However, you are interested in the mod_auth and mod_access module.

Basic auth requires two files the htaccess file which provides the authtype and the htpasswd file which stores username, password, and group information.
I think you need to follow the directions here:

http://httpd.apache.org/docs/2.0/howto/auth.html

However this requires you to have shell access to the server.

A short version:

**create the file and the first user:

# htpasswd -c /usr/local/apache/passwd/passwords rbowen
New password: mypassword
Re-type new password: mypassword
Adding password for user rbowen

**add this to the htaccess
AuthType Basic
AuthName "Restricted Files"
AuthUserFile /usr/local/apache/passwd/passwords
Require user rbowen

Its important to keep the server from serving up the htpasswd and htaccess file to someone who asks for it.

I hope this helps.

The short version.

> "with this module, Drupal honor's the web server's authentication"?

Yes, it does it inserts a user into drupal and automatically logs the user in.

No, this secures the entire site. There might be a way to do it but I am not an Apache expert, I know enough to be dangerous. If you just want to secure the admin pages and allow anonymous users to access content I think the best way would to use the Drupal authentication. You could hide the login link and then Drupal would ask you to login in when you accessed the admin pages.

Web server auth set up for remote authentication

Hi,
Background:
I am trying to set up this module to leverage remote authentication on to drupal site. The remote authentication will be handled by webgate module which is installed on the web server and at that point the user information will be available as it is being served by apache webserver.
Issue
To configure this as a preliminary test I am modifying the ht access file to restrict access in the same way mentioned above and the user could clear the server authorization part but being redirected to login page and the user information is not populated in the drupal user table.
Web server module was installed and enabled. Am I missing any configuration settings or redirect settings?

Any help is appreciated.

Thanks

Regardless of implementation this module performs the same check against three server variables. Any one of them will succeed:

 // Get the login name from the $_SERVER variable.
  $authname = '';
  if (isset($_SERVER ['REDIRECT_REMOTE_USER'])) {
    $authname = $_SERVER ['REDIRECT_REMOTE_USER'];
  }
  elseif (isset($_SERVER ['REMOTE_USER'])) {
    $authname = $_SERVER ['REMOTE_USER'];
  }
  elseif (isset($_SERVER ['PHP_AUTH_USER'])) {
    $authname = $_SERVER ['PHP_AUTH_USER'];
  }
  return $authname;

If you can see these variables set (via phpinfo() for example) then the module should pick them up.

Knowing nothing about your implementation, I would guess these variables are not being set.