Authentication Problems with Apache *Update: Problem Fixed*

[Rainsford]

I have a Linux box running Apache/PHP/MySQL to play around with, and I recently tried getting authentication to work but I seem to be having problems. I create the password file with the correct permissions and ownership values, and I've entered the username and password during the password file creation several times to make sure I'm doing it right. I then place a .htaccess file in the directory I want to protect. I made sure that .htaccess files are being accessed when the directory is read, and they seem to work just fine for things besides authentication. I copied exactly what the Apache.org documentation said into the .htaccess files, and when I go to the directory under Internet Explorer, a user/password box pops up. All is good. But then, no matter what I type for the username and password, it doesn't allow me to view the directory. I just get the box again. I have no idea what could be wrong, and I would appreciate any help any of you can give me. Oh, and I'm running Apache 1.3.22 RPM from Mandrake Linux (with the auth module enabled) as the server and MSIE 5.5 under Windows 98 as the client. Thanks.

 

[FUBAR]

Did you make sure to add AuthConfig to either the httpd.conf or the access.conf file for the directories you are working on? Here's what mine looks like...

<Directory /home/*/public_html/admin>
AllowOverride Options AuthConfig
Options Indexes FollowSymLinks ExecCGI MultiViews
</Directory>

then for reference, my .htaccess files look like so

AuthName "home page admin area"
AuthType Basic
AuthUserFile /etc/httpd/conf/htpasswd
require user xxxxxxxx

 

[Rainsford]

I didn't have the AllowOverride option set to AuthConfig, but when I did so (and rebooted the server) it made no difference. I pretty much copied your examples and put my own paths in, but I still have the same problem. I checked the password file, and the permissions are set to 640 (rw-r-----) and the owner is apache.apache (what my server runs as). I even tried creating a user with no password and it still had the same problem. That doesn't make sense, since it reads the data in the .htaccess file correctly. It knows what the realm is (what I listed as the AuthName), but it just keeps trying to relogin even when I put in the right password. And my browser works with other sites with similar setups, so I can't figure out what the problem could be. If you want to see what happens, feel free to go to http://rainsford.dhs.org/test. The username and password are both test. Thanks in advance.

 

[Nothinman]

Do the apache error logs say anything?

 

[marat]

you mind to publish .htaccess and .htpaswd (since we already know the password for test)?
BTW first thing i'd do is to check if .htaccess shows FULL & correct path to .htpasswd.

 

[Russ]

Rainsford,

Did you create the htpasswd file and then add users using the same command line parameters used during initial creation? If so, you overwrite it each time. Right off hand, I can't remember the commands but I do remember that this is what I ran in to the first time I set this up.

Russ, NCNE

 

[Rainsford]

Odd, the error log says "permission denied could not open password file". The password file has rw-r----- (640) permissions on it, and the owner is Apache group Apache (which is what my server runs as). Does that make any sense to any of you?

Update: Just for kicks I put full read/write/execute on the passwod file for all users, and I still have the same error in my error log. Why would that happen?

 

[Nothinman]

What about the parent directories? (all the way up to /) If the apache user can't cwd into those directories you'll get that too.

 

[Rainsford]

Ok, I figured out the problem. The directory the password files is in needs to have the execute permission enabled for the owner of the directory. It didn't mention this in the Apache documentation, but I guess execute needs to be allowed by the owner. Thanks for all your help.

 

[sml]

yeah, if a directory isnt executable the user can't browse it / check out files inside.