.user file format :

those file contain user-profiles.

You must have one such file for each user accessing the front-end.

example : users 'admin' and 'yoann' are in your .htpasswd file
   => create for them 'Profiles/admin.user' and 'Profiles/yoann.user'
      or they would only be able to be 'guest'
-----------------------------------------------------------------------
location : Profiles/ sub-directory
-----------------------------------------------------------------------
file name : UserName+dot+user (as guest.user for user guest)
-----------------------------------------------------------------------
content :

empty lines and lines starting with a # are considered comments and are ignored
each line should be like this :
parameter=value

known parameters are (for now) :

 - FullName : user full name (not used for now)
 - IPAccess : IP mask to allow access by IP
 - priv_delete : could this user delete alerts (none|all)
 - priv_user : could this user change other users rights (not used for now)

IPAccess could be :
  - an exact IP : 81.91.66.90
  - an IP mask, 255 being wildcard : 81.91.255.255

User password is not stored in this file as we relly on web-server built-in auth (directory pass-protected by YOU). You just need an HTTP-AUTH compliant web-server (Basic or Digest).

for example, for apache, you'll have :
  - a .htaccess file in the front-end main directory
  - a .htpasswd (Basic) or .htdigest (Digest) file somewhere

Tutorials on how to make such files are available there :
http://httpd.apache.org/docs/howto/htaccess.html (.htaccess files how-to)
http://httpd.apache.org/docs/mod/mod_auth.html (Basic Auth)
http://httpd.apache.org/docs/mod/mod_digest.html (Digest Auth)
http://online.securityfocus.com/infocus/1368 (PartI)
http://online.securityfocus.com/infocus/1369 (Part II)
http://online.securityfocus.com/infocus/1370 (Part III)
