Re: apache authentication

[Joseph A Nagy Jr <joseph_a_nagy_jr@charter.net>]

Ernst-Magne Vindal wrote:
> Hi
> I'm trying to set up a site under my main site with auth, but can get it
> working.
> What I have done is:
> htpasswd -c /usr/local/apache/passwd/passwords username

Okay

> chown root.nogroup /usr/local/apache/passwd/passwords

I create the file as root and leave it's ownership status alone.

> chmod 640 /usr/local/apache/passwd/passwords

I also don't chmod any differently then the default.

> I have also tried with the password file named .htpasswd, but the result 
> is the same.

I don't use .htaccess as it causes apache to take a performance hit 
(read the apache manual for more about that)

> and for the access file:
> AuthType Basic
> AuthName "By Invitation Only"
> AuthUserFile /usr/local/apache/passwd/passwords
> Require user username

<Directory "/www/mc-luug/cgi-bin/awstats/">
 AuthType  Basic
 AuthName  "AW Stats"
 AuthUserFile  /etc/apache/passwords/awstats
 Require  valid-user
</Directory>

Works consistantly.

> I have almost the same config for users home dir, and thats working
> fine. The only difference is that I use "Require valid-user" insted of
> the config above.
>
> Can anyone pls help?

Trash the pw file, create a new one, leave it alone, then just use 
Require valid-user

If need be, keep a seperate pw file for the "By invite Only" and your 
other protected dir.

> I'm running debain 2.4.20 and apache 1.3.27-0.1
>
> /ernst