Re: debian-user-digest Digest V2013 #1593
On Sat, Dec 28, 2013 at 4:28 PM,
<debian-user-digest-request@lists.debian.org> wrote:
> Date: Sun, 29 Dec 2013 06:36:23 +1100
> From: Scott Ferguson <scott.ferguson.debian.user@gmail.com>
> To: debian-user@lists.debian.org
> Subject: Re: Upgraded apache 2.2 -> 2.4 and cannot get passwords to work
> Message-ID: <[🔎] 52BF2837.2050101@gmail.com>
> Content-Type: text/plain; charset=UTF-8
> Content-Transfer-Encoding: 7bit
>
> On 29/12/13 03:52, Dave Woyciesjes wrote:
>> On 12/28/2013 11:09 AM, Kevin O'Gorman wrote:
>>> My modest-sized web server was recently upgraded. There were problems
>>> with access control, fairly well documented and fairly easily fixed.
>>>
>>> Authentication, on the other hand, acts as if it's not there -- anyone
>>> and everyone is let into the few parts that used to be controlled. So
>>> I have them offline for now. I don't see any writeups of problems
>>> with this, so perhaps the way I solved access control borked the
>>> authentication.
>>>
>>> I have everything in /var/www and /www, and the authenticated parts
>>> are in /www, with a Directory stanza containing authentication info
>>> for each of the two (but apache is apparently ignoring them). I don't
>>> have /srv. Authentication is by a simple text file with less than 100
>>> entries.
>>>
>>> Does anyone have a similar setup in apache 2.4 that works? Care to
>>> share how?
>>>
>> What else is on it, and how was it setup? Plain Debian Wheezy, or
>> Ubuntu-fied Debian?
>>
> 1++
>
>
> I have a number of web servers updated from Squeeze to Wheezy several
> months ago - I've had no problems with "authentication".
> Multi-user/multi-site so I have nothing being served from /var/www (suexec).
>
> Please expand on your authentication system and the problems plus error
> messages.
>
> Kind regards
>
There are about a dozen directories, I won't mention them all, but
here's the general pattern.
Consider these aliases
#Alias /theory /www/theory
Alias /hex /www/web
Alias /Chocoholic /www/Chocoholic
Alias /Games /www/Games
(and more in a similar vein)
The theory one is commented out for now because the authentication
does not work: it's as if the authentication is not even mentioned and
access goes smoothly for everyone. The uncommented ones do not have
authentication, so they work as-is.
/www contains the stuff where the problem is. It's enabled by this stanza:
<Directory /www>
AllowOverride FileInfo AuthConfig Limit Indexes
Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
<Limit GET POST OPTIONS>
Require all granted
</Limit>
<LimitExcept GET POST OPTIONS>
Require all denied
</LimitExcept>
</Directory>
It has a subdirectory where I share stuff with some collaborators, and
where I want to authenticate those collaborators:
<Directory /www/theory>
AuthType Basic
AuthName "OHex Advanced"
AuthBasicProvider file
AuthUserFile /etc/apache2/hextheory-passwords
AuthGroupFile /dev/null
Require valid-user
AllowOverride FileInfo AuthConfig Limit Indexes
Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
<Limit GET POST OPTIONS>
Require all granted
</Limit>
<LimitExcept GET POST OPTIONS>
Require all denied
</LimitExcept>
</Directory>
So: what can I do to have authentication work again as it did in apache 2.4?
--
Kevin O'Gorman
programmer, n. an organism that transmutes caffeine into software.
Please consider the environment before printing this email.
Reply to: