Help - Search - Members - Calendar
Full Version: Apache Authentication Help
Linuxhelp > Support > Technical Support
albustansintra
Hello..

I'm back with another unsolved mistery..

Objective:
I need to have minimal security for one of my apache virtual directories.
So I decided to use , Basic Authentication through .htaccess.
I tested the website and it runs just fine, but I cant seem to get the server
to accept the username and password I supply at the prompt.
What is done:

I have configured .htaccess at var/www/html/acid/.htaccess confgured like this;

AuthType Basic
AuthName "By Invitation Only"
AuthUserFile /var/www/passwords/passwords
Require user acid

The file at directory (acid) is my virtual directory.
note: website runs just fine problem is having it accept my user & passwd

I used the following procedure to create the password and user acid:

htpasswd -c /var/www/passwords/passwords acid

when I look into /var/www/passwords/passwords it gives me this:

acid:qkJSTozwMfs4A

so the user & pass have been created!

The problem is that I put the url on my mozilla or on a Billzilla and get a prompt for username & password,
but no combination of usernames & passwords seem to work.
Am I missing something here?
____________________

Just to make things worse, I started following a tutorial from http://hoohoo.ncsa.uiuc.edu/docs/tutorials/user.html It is a great beginers guide to apache but (and it would be great if someone could confirm this for me), at the end of the tutorial there are some examples about apache authentications and I cant access any of them!! the exact same problem I get tryeng to access my remote basic authentication web site.

I would have configured 10 windows machines with the time I've spent on this RH9, but this is soo much more fun ; - )

Could someone please help me out!!
chrisw
if you dont use a group file you have to add something
to the "require user" line so you dont have to add the
user to a group file..i dont remember what it is..
but i can find the link and post it here for you

if i cant find it, in the mean time
add an authgroupfile like the following:

AuthUserFile /var/www/passwords/groupfile

go into /var/www/passwords/

create the file using a text editor like vi or pico...whichever you use

and in the file type the following

groupname:acid

where groupname is a group you decide
for example my group i use is "web" without the " "'s
and acid is your login name for authentication

and in your file .htaccess file change

require user acid

to

require group <groupname>
<groupname> being whatever you used in the groupfile
i told you to create...

but in the mean time im looking for the link
to show you what to add for your way of doing it..
like i said should work but you are missing something...
chrisw
http://httpd.apache.org/docs/howto/auth.ht...html#basicworks


here is the link i told you i would look for....

but before you go there....try the following

replace the following in your .htaccess file:

Require user acid

with:

Require valid-user

if that doesnt work go to the web address i posted and its
very good for authentication stuff with apache
albustansintra
Ok, thanks for checking that out so quickly. I'll give it a go now.
albustansintra
Ok, got it.. finally..

I followed the link you'd sent me and basically it was what I had configured already, I then used the manual that comes with Apache which really helped. that's http://localhost/manual at the server. Very step by step, for extra fresh newbies

Something that may have helped was changing the apache.conf directive to:

AllowOverride AuthConfig

or I might have done the trick with a change in the security settings of file /var/www/passwords/passwords it was at default (?) and I changed it to 777 (just to test). I guess I 'll have to change it to 722 or something like that.. not shure!

Anyway, its working... cool.gif
chrisw
ya i totally forgot about the allowoveride authconfig thing

glad you got it working...but please put the
file permissions back to what they were originally
albustansintra
Yea, I have just read that the permissions on the password file should be set to the apache user, so it would be apache apache 500. The password file has to be executable by apache so that it can confirm the combination user password. (makes sense ! ) I'm not sure what was set as default but 500 is the minimum permissions for authentication to work.
On other distributions I have heard that the user nobody should be used, but that didn't seem to work on my Red Hat 9 with the version of apache that I have installed.

I think this might have been what was causing my problem.

Thank you for the support : - )
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.
Invision Power Board © 2001-2017 Invision Power Services, Inc.