apache configuration

[pcburner]

Ok here's the deal I learned how to protect some directories that require username and password to gain access. Now I've changed the password several times along with the username and still no luck. Now here's the thing that puzzles me, for the information that I've been able to gather everyone states this command- htpasswd -c /path/to/passwords/passwd username but when I use that command I keep get an error. So I tried this- htpasswd -c /path/directory/.htpasswd username and that worked. Now when I click on the link for the directory I get a username and password pop-up. I enter in the info, and nothing happens it keeps coming back blank as though the info I gave it is not correct. What is it the I don't have correct? Also perhaps this might help for the apache config?

<Directory /path/to/directory>
AuthUserFile /path/to/.htpasswd
AuthName Protected
AuthType Basic
require valid-user
Allow 127.0.0.1
Allow 192.168.1.*
</Directory>

I also have in the .htpasswd file the path as the location of the .htpasswd file. I also believe I chmod the password file with a 644, and the .htaccess file as well. As matter of fact I just tested those files with 777 and still nothing. So what am I missing in the configuration?

I also changed the ownership and groups to apache for the protected directory before any of this.

[topdog]

Actually the first command should work, what is the error you get when you run the command ?

P.S the .htaccess file is supposed to be used to override configurations not as a passwd file.

[pcburner]

The error is this - access to /path/to/directory failed, reason:verification of user id 'username' not configured, referer http://servername/

[topdog]

But your post states that you get an error

Quote:

everyone states this command- htpasswd -c /path/to/passwords/passwd username but when I use that command I keep get an error.

[pcburner]

Sorry about that- the error that I get is this - htpasswd can't create the directory /var/www/passwords/passwd

[pcburner]

I also tried this - htpasswd - c /var/www/passwd/passwords/ username and still nothing I get the same error as above htpasswd can't create the directory /var/www/passwd/passwords.
I even tried to create the directory manually and that still didn't work.

[pcburner]

I figured out the htpasswd command thanks to TopDog! But I think there is a conflict between Apache and the .htaccess file. I have tried different codes but nothing has worked. Here is what I have thus far in my .htaccess file.

AuthUserFile /etc/httpd/conf.d/users
AuthName "Protected Public Files"
AuthType Basic
require valid-user

Is there anything in here that I missing also what should the permissions be set at 644, 755? I've tried even 777 and that still didn't work I 've also set the permissions the .htpasswd file to 777 and that didn't work also what should those permissions be?

[zetnsh]

Apache can be notoriously tricky on this one. A shot in the dark, but it may be related to the relevant feature (AuthConfig in this case) simply not being allowed on the server. Are you seeing something like:

"Client denied by server configuration" in the error logs?

You could try putting somewhere appropriate in your httpd.conf file (the configuration file for Apache) near the bottom (above the virtual hosts) something like:

Code:

<Directory /path/to/webuser/root>
AllowOverride +AuthConfig
</Directory>

This directive controls what Apache allows in .htaccess files. It may well be that something earlier in the config file is disabling the use of the AuthConfig functions directive.

Remember - the error log is your friend!

I have to say - I wasn't completely clear on what your problem was from your description, but there's chance this might help.

Maybe you could post an appropriate extract from your server's error log that shows what error you're getting.

Good luck!

[pcburner]

Here is the error that I am getting-

[Mon Mar 10 13:02:24 2008] [error] [client:000.000.000.000]access to /path/to failed, reason: user 'username' does not meet 'require'ments for user



I am not sure what this means? Is there some kind of password requirements that I don't know about or is this because it is unable to read the htpasswd file?
I have changed the permissions on it to several different settings and that didn't change anything.

[zetnsh]

I think all that's saying is that you said "require valid-user" in your .htaccess file, and the authentication data supplied didn't meet that criteria. Incidentally, have you tried that with an upper case "R" at the beginning? eg. "Require valid-user" rather than "require valid-user" ?

Could it simply be that the username/password combination in your .htpasswd file have invalid characters?

You could try changing it to read something like

Code:

Require user <username>

Where obviously you replace <username> with the, erm, username!

You may get a different error if it's a .htpasswd problem, which might give you more of a clue!

Sorry I can't solve it for you, but I do try ;-)