OK, so it's compiled cleanly and now it's time to use it. You've come to the right place. Creating the necessary SQL information -------------------------------------- At the very least, you need a table in your database which has a list of usernames and their corresponding passwords. Having a field listing the group users belong to, or a separate table for that, is useful too, but you need usernames and passwords as a minimum. For instance: create table mysql_auth ( username char(25) not null, passwd char(25), groups char(25), primary key (username) ); This would work quite well. NOTE 1: You don't have to use a new table for the purpose of storing usernames and passwords; I quite happily use a 'members' table (with all sorts of other interesting information in it) with mod-auth-mysql. NOTE 2: The names given above are merely the defaults for the module. They can all be overridden if you have different names for your fields (eg password instead of passwd). Once your table(s) is/are created, you need to put the data in as appropriate. Telling Apache to protect the website ------------------------------------- First up, tell the module where it should be getting it's info from: Auth_MySQL_Info or AuthMySQL_DefaultHost AuthMySQL_DefaultUser AuthMySQL_DefaultPassword This should be placed globally. If you're going to use the same database all over your web server, you can use Auth_MySQL_General_DB to set that. This setting can be overridden in .htaccess files if AuthMySQL_AllowOverride is set. On that topic, if you want .htaccess files to be restricted in what they're able to connect to database-wise, you can AuthMySQL_AllowOverride no and the host, user, password, and database name cannot be changed. Create a .htaccess file in the directory you want to protect (or put the directives inside a Directory section in httpd.conf) with something like the following: AuthName "My Company's Financial Information - Top Secret" AuthType Basic require valid-user This will allow any user who can supply a username and password access. If you replace the require line with require user bill fred jane then only users who can successfully authenticate as bill, fred, or jane will be allowed access. Or, if you set the require line to require group executives then only users who are a part of the executives group will be allowed access to the documents in that directory. There is also the slight matter of how the passwords are stored in the database. Several different methods are available: Plaintext Crypt_DES Crypt_MD5 Crypt (basically Crypt_DES and Crypt_MD5, plus any other schemes your local crypt() call implements) PHP_MD5 (MD5 hashes, encoded the way PHP and MySQL both do it) MySQL (the hashing scheme used by the MySQL PASSWORD() function) You should list all of the available ways your passwords can be encoded in the Auth_MySQL_Encryption_Types config item. By default, only Crypt_DES is enabled. A common example, if you're using a PHP script to manage passwords, might be: Auth_MySQL_Encryption_Types PHP_MD5 Crypt Note that adding more types to be checked slows down authentication, and allowing the Plaintext type means that any hashed passwords stored in the DB become plaintext equivalents. The full set of directives available are now listed in the file DIRECTIVES, for ease of perusal.