httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Boyle Owen" <Owen.Bo...@swx.com>
Subject RE: Cant make 1.3.26 work with .htpasswd
Date Fri, 12 Jul 2002 15:55:44 GMT
Sorry for the ABC but the trouble with glossing over it that sometimes it looks like you're
a newbie :-) Obviously you're not, though!

I don't know what else to suggest since you'd already tried everything I could think of...
I now use 1.3.26 and had no problems with authentication or anything else.. It must be something
really simple - Check you don't have "Satisfy any" - that ORs authentication with "Allow from"...

Rgds,

owen.

>-----Original Message-----
>From: Flash Wilson [mailto:flash@gorge.org]
>Sent: Freitag, 12. Juli 2002 17:23
>To: users@httpd.apache.org
>Subject: Re: Cant make 1.3.26 work with .htpasswd
>
>
>Hi, and thanks for your reply.
>
>On Fri, Jul 12, 2002 at 04:50:35PM +0200, Boyle Owen wrote:
>> Couple of things:
>> 
>> 1) You need "AllowOverride AuthConfig" in the config for the 
>directory to allow htaccess files to be read.
>
>For sure - when I am using .htaccess files, I ensure my httpd.conf 
>includes this. When I am doing the auth in the httpd.conf, I don't 
>use that line. 
>
>For clarity here is the relevant section of the httpd.conf:
>
><Directory /usr/local/apache/partner_extranet>
>        Allow from All
>        AuthType Basic
>        AuthName "Partner Extranet Login"
>        AuthUserFile 
>/usr/local/apache/htpasswords/partner_extranet.passwd
>        Require valid-user
>        Options +Includes -Indexes
>        AddType text/html .shtml
>        AddHandler server-parsed .shtml
></Directory>
>
>This has not changed. The only thing that has changed is that I 
>upgraded apache to 1.3.26. using the options specified. This is why
>I did not suspect my syntax. 
>
>I should also point out that mod_auth is loaded as a DSO and that
>httpd -l showed mod_auth and mod_so.
>
>When I rolled back to the 1.3.22 httpd, all was fine, suggesting that
>it was something wrong with the install - not the syntax of httpd.conf.
>
>Of course, /usr/local/apache/htpasswords/partner_extranet.passwd
>exists and is readable by the webserver.
>
>I also did some other tests - this involved changing the httpd.conf
>to comment out the Auth stuff (and include AllowOverride AuthConfig)
>and put in a local .htaccess file instead, which is how come I said
>that it is as if the files are not being read. Again these work with
>the old 1.3.22 httpd but not with my new 1.3.26 install. I have put
>the httpd.conf back to how it was, so please assume that I am working
>with the httpd.conf config above.
>
>> 2) your error is:
>> 
>> >couldn't check user.  No user file?: /registrars/index.html
>> 
>> so that implies you have:
>> 
>> AuthUserFile /registrars/index.html
>
>Im not sure what it implies, but what is happening is that 
>someone is going to /registrars/index.html and being asked for
>authentication, because thats what the httpd.conf says to do.
>When it cant find or check the user, I get 500 server error. 
>
>> Is this correct? If so, does this file exist and does it 
>really contain your passwords? I suspect not... Normally, I'd 
>put the password file out of the doc-tree and refer to its 
>full path, e.g.
>> 
>> AuthUserFile /usr/local/apache/passwords/restricted_area.pwd
>
>I have - please see above :)
>
>> 3) You seem a bit confused about the terms... 
><snip>
>
>Sorry if I was unclear. I appreciate that to some extent I glossed over
>my actual httpd.conf content, but that was because the syntax has not 
>changed - all that has changed is I have upgraded to 1.3.26. I was
>hoping someone might be able to tell me if there was a reason why
>password protection has stopped working - I have checked the changelogs
>and they dont suggest anything, so I must have missed something in my
>options to configure?
>
>I do appreciate how htpasswd works, but I apologise for being vague
>in what I said and assuming that everyone else also understood how
>it works and what I could have meant :)
>
>> 4) when testing, remember that your browser will cache 
>passwords after it logs in the first time. So you will go 
>straight in on the second and subsequent tries - even if you 
>restart the server. You have to restart the *browser* if you 
>want to test changes to authentication schemes.
>
>Absolutely, I always use a fresh browser.
>
>I do appreciate your comments, but some of them were quite
>fundamental. This is what is frustrating me; Ive worked
>with apache for a few years and thought this was fairly 
>trivial, but either it isnt trivial or I AM missing
>something fundamental, because it isnt working!
>
>*tears hair out*
>
>Thanks - further thoughts?
>Flash
>-- 
>Flash Wilson				          flash@gorge.org
>-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
> <rant> Outlook -> Tools -> Options -> Mail Format -> Plain Text
> Quote properly. Obey http://www.ietf.org/rfc/rfc1855.txt </rant>
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>For additional commands, e-mail: users-help@httpd.apache.org
>
>

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message