Re: Password authentication issue / Apache 2.0

two things I see..

AuthUserFile should have a full path unless it is in the /etc/apache/ directory (or whatever server root is)
the httest file should be named .httest so that the built-in deny rules in Apache prevent users from downloading it and "cracking" the passwords.. also should NEVER be directly in a web accessible folder.


--On Friday, December 06, 2002 06:03:16 AM -0500 Keith Winston <kwinston twmi rr com> wrote:

On Thu, 2002-12-05 at 22:47, brooks kelley net wrote:
Have run into an interesting problem with username
authentication in Apache 2.0. Don't know why since I
have followed the syntax I have always followed which
worked without an issue.

This is what I have in my httpd.conf file in a Virtual
Host so I can keep it away from my dmz host.

# BTW, The names of the real files have been changed
# to protect the innocent penguins that I will
# place my super secret files into.
<Directory "/var/www/secret" >
   AllowOverRide All
   AuthType Basic
   AuthUserFile httest
   Authname "Super Secret Site, Trust Me!"
   require valid-user
</Directory>

Then I created a simple file with htpasswd with a user
named admin whose password is admin to test this

Created with htpasswd -c /var/html/secret/httest admin
my file "httest" looks like


Are you sure apache can read your authfile at /var/html/secret/httest?

You might want to put the full path in your AuthUserFile statement:
AuthUserFile /var/html/secret/httest

And check the permissions on the path and file.  The user "apache" will
need read access to the file.
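
A static check for the points raised in this thread (relative AuthUserFile paths, password files kept under a web-served directory, and names outside the ".ht" deny rule), as an added example that is not part of the original messages. The function name, the sample configuration, and the ServerRoot and web directory values are assumptions chosen to mirror the thread.

```python
import posixpath
import re

# Matches "AuthUserFile <path>", quoted or not; directive names are case-insensitive.
AUTH_RE = re.compile(r'^\s*AuthUserFile\s+"?([^"\s]+)"?', re.I | re.M)

def _inside(path, root):
    """True if path is root itself or lies below it."""
    root = posixpath.normpath(root)
    return path == root or path.startswith(root.rstrip("/") + "/")

def audit_auth_user_file(conf_text, server_root, web_dirs):
    """Return (resolved_path, [findings]) for each AuthUserFile in conf_text."""
    results = []
    for raw in AUTH_RE.findall(conf_text):
        findings = []
        if posixpath.isabs(raw):
            resolved = posixpath.normpath(raw)
        else:
            # A relative AuthUserFile is resolved against ServerRoot,
            # not against the enclosing <Directory> path.
            resolved = posixpath.normpath(posixpath.join(server_root, raw))
            findings.append("relative path: httpd resolves it against ServerRoot")
        if any(_inside(resolved, d) for d in web_dirs):
            findings.append("file is inside a web-served directory")
        if not posixpath.basename(resolved).startswith(".ht"):
            findings.append('name not covered by a ".ht*" deny rule')
        results.append((resolved, findings))
    return results

# Constructed sample input modelled on the configuration quoted in the thread.
SAMPLE = '''
<Directory "/var/www/secret">
   AuthType Basic
   AuthUserFile httest
   AuthName "Super Secret Site, Trust Me!"
   Require valid-user
</Directory>
'''

if __name__ == "__main__":
    # ServerRoot and web directory are assumed values for illustration.
    for path, findings in audit_auth_user_file(SAMPLE, "/etc/apache", ["/var/www"]):
        print(path, findings or "ok")
```

The check works on paths only; whether the httpd user can actually read the file still has to be verified on the host.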

