Ok here's the deal I learned how to protect some directories that require username and password to gain access. Now I've changed the password several times along with the username and still no luck. Now here's the thing that puzzles me, for the information that I've been able to gather everyone states this command- htpasswd -c /path/to/passwords/passwd username but when I use that command I keep get an error. So I tried this- htpasswd -c /path/directory/.htpasswd username and that worked. Now when I click on the link for the directory I get a username and password pop-up. I enter in the info, and nothing happens it keeps coming back blank as though the info I gave it is not correct. What is it the I don't have correct? Also perhaps this might help for the apache config?

<Directory /path/to/directory>
AuthUserFile /path/to/.htpasswd
AuthName Protected
AuthType Basic
require valid-user
Allow 127.0.0.1
Allow 192.168.1.*
</Directory>

I also have in the .htpasswd file the path as the location of the .htpasswd file. I also believe I chmod the password file with a 644, and the .htaccess file as well. As matter of fact I just tested those files with 777 and still nothing. So what am I missing in the configuration?

I also changed the ownership and groups to apache for the protected directory before any of this.

Actually the first command should work, what is the error you get when you run the command ?

P.S the .htaccess file is supposed to be used to override configurations not as a passwd file.

The error is this - access to /path/to/directory failed, reason:verification of user id 'username' not configured, referer http://servername/

But your post states that you get an error
everyone states this command- htpasswd -c /path/to/passwords/passwd username but when I use that command I keep get an error.

Sorry about that- the error that I get is this - htpasswd can't create the directory /var/www/passwords/passwd

I also tried this - htpasswd - c /var/www/passwd/passwords/ username and still nothing I get the same error as above htpasswd can't create the directory /var/www/passwd/passwords.
I even tried to create the directory manually and that still didn't work.

I figured out the htpasswd command thanks to TopDog! But I think there is a conflict between Apache and the .htaccess file. I have tried different codes but nothing has worked. Here is what I have thus far in my .htaccess file.

AuthUserFile /etc/httpd/conf.d/users
AuthName "Protected Public Files"
AuthType Basic
require valid-user

Is there anything in here that I missing also what should the permissions be set at 644, 755? I've tried even 777 and that still didn't work I 've also set the permissions the .htpasswd file to 777 and that didn't work also what should those permissions be?

Apache can be notoriously tricky on this one. A shot in the dark, but it may be related to the relevant feature (AuthConfig in this case) simply not being allowed on the server. Are you seeing something like:

"Client denied by server configuration" in the error logs?

You could try putting somewhere appropriate in your httpd.conf file (the configuration file for Apache) near the bottom (above the virtual hosts) something like:

<Directory /path/to/webuser/root>
AllowOverride +AuthConfig
</Directory>

This directive (http://httpd.apache.org/docs/2.0/mod/core.html#allowoverride) controls what Apache allows in .htaccess files. It may well be that something earlier in the config file is disabling the use of the AuthConfig functions directive.

Remember - the error log is your friend!

I have to say - I wasn't completely clear on what your problem was from your description, but there's chance this might help.

Maybe you could post an appropriate extract from your server's error log that shows what error you're getting.

Good luck!

Here is the error that I am getting-

[Mon Mar 10 13:02:24 2008] [error] [client:000.000.000.000]access to /path/to failed, reason: user 'username' does not meet 'require'ments for user



I am not sure what this means? Is there some kind of password requirements that I don't know about or is this because it is unable to read the htpasswd file?
I have changed the permissions on it to several different settings and that didn't change anything.

I think all that's saying is that you said "require valid-user" in your .htaccess file, and the authentication data supplied didn't meet that criteria. Incidentally, have you tried that with an upper case "R" at the beginning? eg. "Require valid-user" rather than "require valid-user" ?

Could it simply be that the username/password combination in your .htpasswd file have invalid characters?

You could try changing it to read something like

Require user <username>

Where obviously you replace <username> with the, erm, username!

You may get a different error if it's a .htpasswd problem, which might give you more of a clue!

Sorry I can't solve it for you, but I do try ;-)

ok now here's something might help as well. In the .htaccess file I also created custom error documents. But when I do something to create an error it isn't displaying those documents either.

Ok, I put AllowOverride in the httpd.conf and I got a different error. When I clicked on the link I got a Forbidden Page.

That's progress of some sort I suppose ;-)

Would you mind posting a) the appropriate slice of the error log and b) the contents of the .htaccess file?

I know you've sent these before, but they might have changed!

You were right about one thing that when using .htaccess AuthConfig has to be utilized in the httpd.conf. Now I have the opposite problem as before. After working with it more I found out that I had to change the permissions on the parent folder that holds the two child directories. Now the problem is I have made so many changes I don't where to go from here.

I dont understand why you insist on using .htaccess files when you have access to modifying the httpd.conf file. The configuration i gave you works from within the httpd.conf file and should just work.

I dont understand why you insist on using .htaccess files when you have access to modifying the httpd.conf file. The configuration i gave you works from within the httpd.conf file and should just work.
Because I didn't know that is what the code was for. Plus I have the understanding that in order for it to work you had to have the .htaccess file to work. TopDog I want you to know that I sincerely appreciate your help!!! I did try your coding that you sent, I wasn't sure if it was for the .htaccess file or the httpd.conf so I had tried it in both places and it wouldn't work and after each change I would restart httpd. But I got it now.

Worth mentioning here, I reckon that although .htaccess is probably the wrong place for <Directory> configurations, it tends to be considered as the right place for User authentication stuff, not least of which because you don't need a restart for it to see any changes!

So is it working now?

Thanks,

Neil