Re: Apache-Problem (htaccess - not a config-problem)

To: Andrew Shugg <andrew@neep.com.au>
Cc: debian-apache@lists.debian.org
Subject: Re: Apache-Problem (htaccess - not a config-problem)
From: O Sass <osass@ix.urz.uni-heidelberg.de>
Date: Thu, 12 Sep 2002 12:43:19 +0200
Message-id: <[🔎] 20020912124319.38126bd0.osass@ix.urz.uni-heidelberg.de>
In-reply-to: <[🔎] 20020912151003.B27224@neep.com.au>
References: <[🔎] 20020902160419.2fe46647.osass@ix.urz.uni-heidelberg.de> <[🔎] 20020912151003.B27224@neep.com.au>

Am Thu, 12 Sep 2002 15:10:10 +0800 schrieb Andrew Shugg
<andrew@neep.com.au> :

> (...) 
> Can the user the web server runs as(*) read
> /etc/apache/access_files/testdir? Does it have access (+x) permission on 
> /etc/apache/access_files,/etc/apache and /etc?  Have you tried different
> web browsers?  Have you tried saving a backup of your Apache config,
> removing the server and then reinstalling it with the default
> configuration?
> 
> See what modules are loaded.  Turning on the server-info handler (with
> access restrictions for localhost only) and browsing /server-info will
> show you what modules are loaded and how they're configured.
> 
> 	<Location /server-info>
> 	SetHandler server-info
> 
> 	order deny,allow
> 	deny from all
> 	allow from localhost
> 	</Location>
> 
> Make sure that the mod_auth module is enabled in httpd.conf!
> 
> What I think might have happened is the ugprade of the apache packages
> from potato to woody may have run the apacheconfig script to create a
> new config file; if it didn't know about the modules you'd enabled
> before, then you may have got a default set without the authentication.
> See if there's an httpd.conf.O file, which would indicate that a new
> config file had been created and your old one saved with that name.
> 
> But if mod_auth isn't loaded, Apache should spit the dummy at your
> various Auth* directives, so I don't know what's really wrong ...
> 
> In closing, I don't think you've proved that this is an Apache problem
> and not a config problem.  Check it again carefully!
> 
> Andrew.
> 
> *  grep ^User /etc/apache/*conf
> 
> -- 
> Andrew Shugg <andrew@neep.com.au>                  
> http://www.neep.com.au/
> 

Hello Andrew!

Thank you for your comments and help. As I am not the webdesigner, and as
the authorisation had been working for a long time (after the update to
woody, too), the first thing I had done was checking the syntax and
settings of all the files. After spending a long time, rewriting
config-files and reinstalling apaches and/or modules, I gave up and
installed Apache2. But it didn't work again! Even after uninstalling
everything and installing the second version, even after switching to
db-files and so on...

Running apache in debugging-mode, I had the idea of generating new
passwd-files with MD5-Algorithm. It worked!

Now, on our system there must be two things for apache not to claim that
the user doesn't exist: the password must be encoded with MD5 (-m parameter
for htpasswd) and the passwd-file must belong to the user, who runs apache.
It is not enough to make the file readable for apache. Even with rights set
to 777, apache's error-log said that it couldn't read the file. I still
wonder why, and I have no idea, why apache suddenly forgot how to normally
encode passwords.

Greetings,
Oliver

-- 
## Oliver Sass (oas)
## mail@olansa.de
## Heidelberg, DE

Reply to:

References:
- Apache-Problem (htaccess - not a config-problem)
  - From: O Sass <osass@ix.urz.uni-heidelberg.de>
- Re: Apache-Problem (htaccess - not a config-problem)
  - From: Andrew Shugg <andrew@neep.com.au>

Prev by Date: Re: Apache-Problem (htaccess - not a config-problem)
Next by Date: solve my overlapping problem in apache
Previous by thread: Re: Apache-Problem (htaccess - not a config-problem)
Next by thread: localhost not working
Index(es):
- Date
- Thread