From 27c5a92f97e96e2cc74c98f7b9d10d5553d8bc05 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Michal=20=C4=8Ciha=C5=99?= <michal@cihar.com>
Date: Wed, 22 Jul 2015 10:42:32 +0200
Subject: Document how to configure Apache to request HTTP auth for phpMyAdmin
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Michal Čihař <michal@cihar.com>
---
 doc/setup.rst | 18 +++++++++++++++++-
 1 file changed, 17 insertions(+), 1 deletion(-)

diff --git a/doc/setup.rst b/doc/setup.rst
index 3f96746c0d..172a41fd76 100644
--- a/doc/setup.rst
+++ b/doc/setup.rst
@@ -625,7 +625,23 @@ are always ways to make your installation more secure:
   phpMyAdmin, you can use :config:option:`$cfg['Servers'][$i]['AllowDeny']['rules']` to limit them.
 * Consider hiding phpMyAdmin behind an authentication proxy, so that
   users need to authenticate prior to providing MySQL credentials
-  to phpMyAdmin.
+  to phpMyAdmin. You can achieve this by confiuring your web server to request
+  HTTP authentication. For exaple in Apache this can be done by:
+    
+  .. code-block:: apache
+
+     AuthType Basic
+     AuthName "Restricted Access"
+     AuthUserFile /usr/share/phpmyadmin/passwd
+     Require valid-user
+
+  Once you have changed configuration, you need to create list of users which
+  can authenticate. This can be done using :program:`htpasswd` utility:
+
+  .. code-block:: sh
+
+     htpasswd -c /usr/share/phpmyadmin/passwd username
+
 * If you are afraid of automated attacks, enabling Captcha by
   :config:option:`$cfg['CaptchaLoginPublicKey']` and
   :config:option:`$cfg['CaptchaLoginPrivateKey']` might be an option.
-- 
cgit v1.2.3