Brian Nelson <nelson@bignachos.com> writes: > Ok, I'm feeling pretty retarded as I can't figure this out. > > I'm trying to set up user authentication in apache. So I created a > <Directory /my/restricted/dir> entry in httpd.conf for the area with > restricted access and gave it 'AllowOverride AuthConfig'. > > I also made sure I was loading 'auth_module', and set 'AccessFileName > .htaccess'. > > In the restricted directory, I placed a '.htaccess' file containing: > > AuthName "restricted stuff" > AuthType Basic > AuthUserFile /etc/apache/users > require valid-user > > Then I used htpasswd and added a user to /etc/apache/users. Then I > issued a '/etc/init.d/apache restart', tested it out, and it didn't > work. The web browser prompts me for a username and password, which I > enter correctly, but it fails to authenticate me and denies me > access. The access.log and error.log files don't give any useful > information. > > If I remove the .htaccess file from the directory in question, > everything works fine (without authentication, of course). The > /etc/apache/users file is world-readable (ugh), so that shouldn't be a > problem. I tried using all the different types of encryption > available with htpasswd... > > Any ideas? At my box (apache 1.3.9) removing the line with Load Module sys_auth_module... from the config did the trick. Don't ask me why, it just worked :-). Just make sure that module is NOT loaded. -- Tschoe, http://gecius.de/gpg-key.txt - Fingerprint: Jens 1AAB 67A2 1068 77CA 6B0A 41A4 18D4 A89B 28D0 F097
Attachment:
pgpGmmBuDvMHg.pgp
Description: PGP signature