Re: apache authentication

To: debuser <debian-user@lists.debian.org>
Subject: Re: apache authentication
From: Ernst-Magne Vindal <ernst@vindal.com>
Date: Sat, 22 Mar 2003 17:28:57 +0100
Message-id: <[🔎] 3E7C8F49.5000505@vindal.com>
In-reply-to: <[🔎] 3E7B52C5.4030709@charter.net>
References: <[🔎] 3E7B4660.1040707@vindal.com> <[🔎] 3E7B52C5.4030709@charter.net>

Joseph A Nagy Jr wrote:

Ernst-Magne Vindal wrote:

Hi
I'm trying to set up a site under my main site with auth, but can get it
working.
What I have done is:
htpasswd -c /usr/local/apache/passwd/passwords username



Okay

chown root.nogroup /usr/local/apache/passwd/passwords



I create the file as root and leave it's ownership status alone.

chmod 640 /usr/local/apache/passwd/passwords



I also don't chmod any differently then the default.

I have also tried with the password file named .htpasswd, but theresult is the same.

I don't use .htaccess as it causes apache to take a performance hit(read the apache manual for more about that)


and for the access file:
AuthType Basic
AuthName "By Invitation Only"
AuthUserFile /usr/local/apache/passwd/passwords
Require user username



<Directory "/www/mc-luug/cgi-bin/awstats/">
 AuthType  Basic
 AuthName  "AW Stats"
 AuthUserFile  /etc/apache/passwords/awstats
 Require  valid-user
</Directory>

Works consistantly.


I have almost the same config for users home dir, and thats working
fine. The only difference is that I use "Require valid-user" insted of
the config above.

Can anyone pls help?

Trash the pw file, create a new one, leave it alone, then just useRequire valid-user

If need be, keep a seperate pw file for the "By invite Only" and yourother protected dir.


I'm running debain 2.4.20 and apache 1.3.27-0.1

/ernst


OK, now we are getting somewhere, thanks to Joseph

In the users home dir I have a .htaccess file, I didn't do anything withthat on.

But for 'sites og pages' under /var/www/ I removed the .htaccess fileand put the config in httpd.conf instead, and it worked like charm:)

Everything under /www is owned by www-data, but if I change the rightswith chmod 600, wich also was suggested, i didn't get access at all.


But...

If I want more sites/pages under /www to have authentication, how to dothat? Can I do:


<Directory "/var/www/na">
AuthType Basic
AuthName "By Invitation Only"
AuthUserFile /usr/local/apache/passwd/.htpasswd
Require valid-user
</directory>
<Directory "/var/www/test">
AuthType Basic
AuthName "Test site"
AuthUserFile /usr/local/apache/passwd/.htpasswd
Require valid-user
</directory>

Many thanks for help

--
/ernst

Reply to:

Follow-Ups:
- Re: apache authentication
  - From: Joseph A Nagy Jr <joseph_a_nagy_jr@charter.net>
- [SOLVED]Re: apache authentication
  - From: Ernst-Magne Vindal <ernst@vindal.com>

References:
- apache authentication
  - From: Ernst-Magne Vindal <ernst@vindal.com>
- Re: apache authentication
  - From: Joseph A Nagy Jr <joseph_a_nagy_jr@charter.net>

Prev by Date: Re: Woody and 2.4 kernel
Next by Date: Re: When will Sarge become Stable ?
Previous by thread: Re: apache authentication
Next by thread: Re: apache authentication
Index(es):
- Date
- Thread