httpd-users mailing list archives

From "Scott Weaston" <weast...@wowway.com>
Subject RE: [users@httpd] Problems with Authentication on 2.0.48
Date Tue, 06 Jan 2004 11:43:03 GMT
Sorry about the plain text...stupid Outlook.

The Document Root for the main host is unprotected.  I am protecting only a
few sub-directories of the docroot and no nested subs.  The second host is
protected on the docroot, which covers all subs (this one works just fine).

-----Original Message-----
From: Boyle Owen [mailto:Owen.Boyle@swx.com]
Sent: Tuesday, January 06, 2004 3:19 AM
To: users@httpd.apache.org
Subject: RE: [users@httpd] Problems with Authentication on 2.0.48


Plain text please...

You are not trying to nest authentication realms are you? E.g. access to
the docroot goes via one authentication challenge, then access to a
subdir goes through another challenge.

If so, that is the way of pain. Basically, HTTP does not support nested
authentication realms. To see why, first look at how a single-layer
authentication session works:

- browser requests file in /dir1
- server notices that this is "protected", so sends 401 Unauthorized
with realm description.
- browser pops up password entry window with realm name
- user enters name and password
- browser requests file again and adds an Authorization header
containing the "credentials" (username & password)
- server decodes Authorization header, validates username & password and
returns requested file.
- browser caches credentials and uses them on every subsequent request
to /dir1.

The last point is crucial...

Now if you put authentication on /dir1/dir2 as well, when the browser
requests a file in /dir1/dir2, it automatically sends the credentials it
used for /dir1 since it thinks this is just a sub-dir. The server
therefore receives the wrong credentials for /dir1/dir2 and so replies
with 401. The browser behaviour is actually undefined in this case -
some will show the error, others will prompt endlessly for a password.
None will work as you expect.


Rgds,
Owen Boyle
Disclaimer: Any disclaimer attached to this message may be ignored.

-----Original Message-----
From: Scott Weaston [mailto:weastons@wowway.com]
Sent: Tuesday, 6 January 2004 05:01
To: users@httpd.apache.org
Subject: [users@httpd] Problems with Authentication on 2.0.48


I am having trouble with authenticating sub-directories of my document
root.  When I set up authentication it doesn't prompt me for a username
or password.  It only throws a 401 error.  I have tried using basic and
digest authentication.  I have placed the information in an .htaccess
file and in the httpd.conf.  I have no trouble when authenticating the
Document Root.  I am running two virtual hosts and one is limited access
to the root and all sub-directories.  The other is limited access only
to a few sub-directories.  I have tried limiting access to the subdirs
with the <location> and <directory> directive.  I have tried them inside
and outside of the <virtualhost> directive.  I have tried them in a can,
I do not like them Sam I Am.  Oh, the kicker.  Every configuration
that I have tried works just fine on 1.3 (Yes, I waited for a long time
to upgrade).  I am curious to try 2.0.45, but I cannot find the windows
msi file for it and I am inexperienced in compiling the source.

Below is my current configuration:

<VirtualHost *>
    ServerName weaston.homeip.net
    DocumentRoot "C:/My Documents/"
    ErrorLog logs/weaston-error.log
    CustomLog logs/weaston-access.log common

    <Directory />
        Options Indexes FollowSymLinks MultiViews
        AllowOverride AuthConfig
        Order allow,deny
        Allow from all
    </Directory>
    <Location /recipes>
        AuthType Digest
        AuthName ransom
        AuthDigestFile "C:/Progra~1/Apache~1/Apache2/passwd/digest.txt"
        Require user sweaston
    </Location>
</VirtualHost>
<VirtualHost *>
    ServerName weaston.servemp3.com
    DocumentRoot "F:/"
    ErrorLog logs/mp3-error.log
    CustomLog logs/mp3-access.log common

    <Directory />
        Options Indexes FollowSymLinks MultiViews
        AllowOverride AuthConfig
        Order allow,deny
        Allow from all
        AuthType Digest
        AuthName ransom
        AuthDigestFile "C:/Progra~1/Apache~1/Apache2/passwd/digest.txt"
        Require user sweaston
    </Directory>
</VirtualHost>




---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
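
The single-realm exchange and the nested /dir1/dir2 case from Owen Boyle's reply above, as an added example that is not part of the original thread. The realm names, users, passwords and the Browser cache model (longest cached directory prefix wins, one retry after a prompt) are assumptions made for the illustration, not a description of any particular browser or of Apache's code.

```python
import base64
import hmac

# Constructed protection spaces: path prefix -> (realm, user, password).
REALMS = {
    "/dir1": ("outer", "alice", "pw-outer"),
    "/dir1/dir2": ("inner", "bob", "pw-inner"),
}

def basic(user, password):
    """Build the value of a Basic Authorization header."""
    return "Basic " + base64.b64encode(f"{user}:{password}".encode()).decode()

def server(path, authorization=None):
    """Return (status, realm); the longest protected prefix decides the realm."""
    matches = [p for p in REALMS if path.startswith(p + "/")]
    if not matches:
        return 200, None
    realm, user, password = REALMS[max(matches, key=len)]
    if hmac.compare_digest(authorization or "", basic(user, password)):
        return 200, realm
    return 401, realm  # would carry WWW-Authenticate: Basic realm="<realm>"

class Browser:
    """Hypothetical client: caches credentials per directory prefix."""
    def __init__(self):
        self.cache = {}  # directory prefix -> Authorization header value
        self.sent = []   # (path, Authorization header or None) per request

    def _request(self, path, header):
        self.sent.append((path, header))
        return server(path, header)

    def get(self, path, prompt=None):
        """Return the (status, realm) responses seen for one navigation."""
        hits = [p for p in self.cache if path.startswith(p + "/")]
        cached = self.cache[max(hits, key=len)] if hits else None
        trace = [self._request(path, cached)]
        if trace[-1][0] == 401 and prompt:  # user answers the password dialog
            header = basic(*prompt)
            trace.append(self._request(path, header))
            if trace[-1][0] == 200:
                self.cache[path.rsplit("/", 1)[0]] = header
        return trace
```

Calling get() for a file in /dir1 with a prompt, then for a file in /dir1/dir2 without one, shows the /dir1 credentials going out unprompted on the second request and the server answering 401 for the inner realm.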

