htaccess confusion! Need help.
I'm trying to set up digest authentication for a particular directory
accessible via Apache. I thought it would be as simple as creating the
.htaccess file with the contents:
AuthType Digest
AuthName "Private Access Only"
AuthDigestFile /etc/apache/digest-auth.passwd
in the directory I wish to protect and restart apache (not even sure
the restart is necessary, when things are working?). Unfortunately the
.htaccess file seems to be, mostly, ignored. The only exception to
this is if the www-data user (the user the apache daemon runs under)
can't read that file. Then it complains about not being able to read
it in the error log. Otherwise it's wide open no matter what's in
.htaccess.
I've loaded the digest auth module, via
LoadModule digest_auth_module /usr/lib/apache/1.3/mod_auth_digest.so
in /etc/apache/httpd.conf and apache seems to load it fine, so I know
that's not the problem.
I saw some poorly worded mention of this problem in the list archives,
something about a conflict with
DocumentRoot /data/www
and the default directory spec
<Directory />
Options SymLinksIfOwnerMatch
AllowOverride None
</Directory>
which is listed after the "DocumentRoot" option, but I couldn't follow
it.
Here's the directory entry in httpd.conf that I want to control access
to via digest authentication:
<Directory /usr/lib/cgi-bin/bonsai>
AllowOverride AuthConfig
Options ExecCGI
Order deny,allow
Deny from all
</Directory>
Of course, if I set "Allow from all" then it's wide open. With "Deny
from all" nobody can read it and I never get a login/password
dialog. And "AllowOverride All" doesn't fix it either.
I'm running "testing" with Apache 1.3.24-2.1
Any ideas?
TIA,
Gary
--
To UNSUBSCRIBE, email to debian-user-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Reply to: