Re: Apache-Problem (htaccess - not a config-problem)
Am Thu, 12 Sep 2002 15:10:10 +0800 schrieb Andrew Shugg
<andrew@neep.com.au> :
> (...)
> Can the user the web server runs as(*) read
> /etc/apache/access_files/testdir? Does it have access (+x) permission on
> /etc/apache/access_files,/etc/apache and /etc? Have you tried different
> web browsers? Have you tried saving a backup of your Apache config,
> removing the server and then reinstalling it with the default
> configuration?
>
> See what modules are loaded. Turning on the server-info handler (with
> access restrictions for localhost only) and browsing /server-info will
> show you what modules are loaded and how they're configured.
>
> <Location /server-info>
> SetHandler server-info
>
> order deny,allow
> deny from all
> allow from localhost
> </Location>
>
> Make sure that the mod_auth module is enabled in httpd.conf!
>
> What I think might have happened is the ugprade of the apache packages
> from potato to woody may have run the apacheconfig script to create a
> new config file; if it didn't know about the modules you'd enabled
> before, then you may have got a default set without the authentication.
> See if there's an httpd.conf.O file, which would indicate that a new
> config file had been created and your old one saved with that name.
>
> But if mod_auth isn't loaded, Apache should spit the dummy at your
> various Auth* directives, so I don't know what's really wrong ...
>
> In closing, I don't think you've proved that this is an Apache problem
> and not a config problem. Check it again carefully!
>
> Andrew.
>
> * grep ^User /etc/apache/*conf
>
> --
> Andrew Shugg <andrew@neep.com.au>
> http://www.neep.com.au/
>
Hello Andrew!
Thank you for your comments and help. As I am not the webdesigner, and as
the authorisation had been working for a long time (after the update to
woody, too), the first thing I had done was checking the syntax and
settings of all the files. After spending a long time, rewriting
config-files and reinstalling apaches and/or modules, I gave up and
installed Apache2. But it didn't work again! Even after uninstalling
everything and installing the second version, even after switching to
db-files and so on...
Running apache in debugging-mode, I had the idea of generating new
passwd-files with MD5-Algorithm. It worked!
Now, on our system there must be two things for apache not to claim that
the user doesn't exist: the password must be encoded with MD5 (-m parameter
for htpasswd) and the passwd-file must belong to the user, who runs apache.
It is not enough to make the file readable for apache. Even with rights set
to 777, apache's error-log said that it couldn't read the file. I still
wonder why, and I have no idea, why apache suddenly forgot how to normally
encode passwords.
Greetings,
Oliver
--
## Oliver Sass (oas)
## mail@olansa.de
## Heidelberg, DE
Reply to: