This is part of The Pile, a partial archive of some open source mailing lists and newsgroups.
Subject: Re:Apache Settings
From: Kirk <kirk@death.prince-of-darkness.cc>
Date: Tue, 19 Sep 2000 19:23:26 -0700 (PDT)
>On Wed, 20 Sep 2000, Andrew So Hing-pong wrote:
> As I know, after setting the apache, the users can reach his own
> directory, as http://domain.com/~user. Now I can do that.
> But I see some web sites has this settings. When typing
> "http://domain.com/~user", then prompt me for username and password
> , if both are corrent, then let me in, otherwise, refuse the
> connection. Any entry can be added on httpd.conf ?/?
> Is it possible ? I think it seems to be any stuffs about AuthUser..
If your looking to password directories in apache, read the man page on
htaccess.
man htaccess
===
Subject: Re: Apache Settings
From: Danny <dannyh@idx.com.au>
Date: Thu, 21 Sep 2000 01:06:01 +1100
You have to setup .htaccess in httpd.conf
Then in your directory eg /home/httpd/html/someclient/.htaccess
chmod 666 .htaccess
do a man on htpasswd or htaccess
to find out
what to put into .htaccess I
===
Subject: Re: Re: Apache Settings
From: Kirk <kirk@death.prince-of-darkness.cc>
Date: Wed, 20 Sep 2000 09:44:23 -0700
>At 11:27 AM 9/20/00 -0500, you wrote:
>I happen to be dealing with exactly the same thing, and it's not working
very well.
>Setting up the passwd file went fine, but I have a feeling the .htaccess
file is messed up.
>
>BTW on redhat there's no man page for htaccess
>
>What should the permissions/ownership be on a .htaccess file?
>
>Also, does the following look ok?
>
><Directory /Webhomes/Vanguard_mailer>
> <Files *>
> AuthName "Test"
> AuthType Basic
> AuthUserFile /work/vanguard.htpasswd
> Require valid-user
> </Files>
></Directory>
>
>Can an asterisk be used in <Files> like that?
You need to tell apache to use the .htaccess file. Do you have an apache
directive somewhere similar to this?
<Directory /path/to/directory>
AllowOverride AuthConfig <---this tells apache to use the
htaccess file
</Directory>
===
Subject: Re: Re: Re: Apache Settings
From: Kirk <kirk@death.prince-of-darkness.cc>
Date: Wed, 20 Sep 2000 10:29:22 -0700
>At 12:03 PM 9/20/00 -0500, you wrote:
> No, I don't have anything like that (I thought Apache
> automatically looked for .htaccess files?)
>
> Does that need to go inside the <Virtual Host> directive
> for each Virtual site?
>
> I'll assume so unless you repost.
I believe, but dont quote me, it needs to be in a <Directory> directive.
It would be a seperaite directive from the <VirtualHost> directive.
<Directory /path/to/directory/to/protect>
AllowOverride AuthConfig
</Directory>
===
Subject: Re: Apache Settings [more]
From: Alan Mead <adm@ipat.com>
Date: Wed, 20 Sep 2000 13:35:29 -0500
At 12:21 PM 9/20/00 , Jonathan Wilson wrote:
>Finally I'm being asked for a password, but I'm getting "Authorization
>failed, retry?" errors.
>
>Any ideas why? I'm using htpasswd, read several examples and the man page,
>it's so simple it's hard to mess up. Permissions and directives are as follows:
>
>[root@csc003 RedHatUpdates]# ls -l /etc/httpd/conf/httpd.conf
>-rw-r--r-- 1 root root 34087 Sep 20 12:05
>/etc/httpd/conf/httpd.conf
>
><VirtualHost *IP_addresss_here*>
> ServerAdmin wilson@claborn.net
> DocumentRoot /Webhomes/Vanguard_mailer
> ErrorLog logs/VanguardMailer-error_log
> CustomLog logs/VanguardMailer-access_log common
> <Directory /Webhomes/Vanguard_mailer>
> AllowOverride AuthConfig
> </Directory>
></VirtualHost>
>
>[root@csc003 RedHatUpdates]# ls -l /Webhomes/Vanguard_mailer/.htaccess
>-rw-r--r-- 1 admin users 128 Sep 20 11:33
>/Webhomes/Vanguard_mailer/.htaccess
>
>[root@csc003 RedHatUpdates]# cat /Webhomes/Vanguard_mailer/.htaccess
>AuthType Basic
>AuthName "By Invitation Only"
>AuthUserFile /work/htpasswd.vanguard
>AuthGroupFile /dev/null
>require user *username_here*
>
>
>[root@csc003 RedHatUpdates]# ls -l /work/htpasswd.vanguard
>-rw-r--r-- 1 admin users 23 Sep 20 12:08
>/work/htpasswd.vanguard
I think the permissions you posted look OK but become nobody (# su -
nobody) and try to cat everything to make sure.
I'm not sure of the implications of your AuthGroupFile and require
lines. My working basic_auth omits the AuthGroupFile and simply says
'require valid-user'.
Finally, I'm sure you're way beyond this but you're sure you added the
username and password correctly? It's hard to screw up the password but
the username could have a typo and if it is this, you'll be pulling all
your hair out...
BTW, I think the default Red Hat Apache explicitly disables overriding
authconfig... so that's why you have to add the directory entry in
httpd.conf. You wouldn't necessarily need to modify httpd.conf if you had
rolled your own httpd.conf from scratch.
===
Subject: Re[3]: Apache Settings
From: Brian Ashe <brian@dee-web.com>
Date: Wed, 20 Sep 2000 15:47:21 -0400
Hi Jonathan,
Wednesday, September 20, 2000, 1:03:16 PM, you wrote:
JW> No, I don't have anything like that (I thought Apache automatically looked for .htaccess files?)
Apache does. But it will only act upon what it is allowed to do. It is a
matter of trust. If you have a situation where you have less trusted people
with access to the directory they could override some of your security by
inserting the proper overrides in the .htaccess file.
Use AllowOverride with caution.
JW> Does that need to go inside the <Virtual Host> directive for each Virtual site?
You can either make it global or on a directory, file or host basis.
===
Subject: Re: Apache Settings [more]
From: wilson@claborn.net (Jonathan Wilson)
Date: Wed, 20 Sep 2000 14:59:41 -0500
I don't think "require valid-user will work. According to
some tutorials like www.apacheweek.com/features/userauth it
should say require john_doe if john_doe is the username you
just added with htpasswd -c.
Is there a newsgroup or mailing list for Apache users? I
looked around once already and couldn't find it, maybe I
just missed it.
===
Subject: Re: Apache Settings [more]
From: wilson@claborn.net (Jonathan Wilson)
Date: Wed, 20 Sep 2000 15:15:25 -0500
At 01:35 PM 9/20/2000 -0500, you wrote:
>At 12:21 PM 9/20/00 , Jonathan Wilson wrote:
>>Finally I'm being asked for a password, but I'm getting
>>"Authorization failed, retry?" errors.
>>Any ideas why? I'm using htpasswd, read several examples
>>and the man page, it's so simple it's hard to mess
>>up. Permissions and directives are as follows:
>>[root@csc003 RedHatUpdates]# ls -l /etc/httpd/conf/httpd.conf
>>-rw-r--r-- 1 root root 34087 Sep 20 12:05 /etc/httpd/conf/httpd.conf
>>
>><VirtualHost *IP_addresss_here*>
>> ServerAdmin wilson@claborn.net
>> DocumentRoot /Webhomes/Vanguard_mailer
>> ErrorLog logs/VanguardMailer-error_log
>> CustomLog logs/VanguardMailer-access_log common
>> <Directory /Webhomes/Vanguard_mailer>
>> AllowOverride AuthConfig
>> </Directory>
>></VirtualHost>
>>
>>[root@csc003 RedHatUpdates]# ls -l /Webhomes/Vanguard_mailer/.htaccess
>>-rw-r--r-- 1 admin users 128 Sep 20 11:33 /Webhomes/Vanguard_mailer/.htaccess
>>
>>[root@csc003 RedHatUpdates]# cat /Webhomes/Vanguard_mailer/.htaccess
>>AuthType Basic
>>AuthName "By Invitation Only"
>>AuthUserFile /work/htpasswd.vanguard
>>AuthGroupFile /dev/null
>>require user *username_here*
>>
>>
>>[root@csc003 RedHatUpdates]# ls -l /work/htpasswd.vanguard
>>-rw-r--r-- 1 admin users 23 Sep 20 12:08 /work/htpasswd.vanguard
> I think the permissions you posted look OK but become
> nobody (# su - nobody) and try to cat everything to make
> sure.
> I'm not sure of the implications of your AuthGroupFile and
> require lines. My working basic_auth omits the
> AuthGroupFile and simply says 'require valid-user'.
> Finally, I'm sure you're way beyond this but you're sure
> you added the username and password correctly? It's hard
> to screw up the password but the username could have a
> typo and if it is this, you'll be pulling all your hair
> out...
> BTW, I think the default Red Hat Apache explicitly
> disables overriding authconfig... so that's why you have
> to add the directory entry in httpd.conf. You wouldn't
> necessarily need to modify httpd.conf if you had rolled
> your own httpd.conf from scratch.
How embarrassing: the problem was, in fact, that fact that
.htaccess has to have the line "require valid-user" not
"require john_doe"
Several articles I found started very clearly that the
"require" directive was to be followed with the names of the
users.
Anyway, it is working now that I added that line.
===