After an embarassing amount of time spent, I am appealing to the list for help. I have a minimal install of SuSE with Apache/mySQL/PHP4 and some libs set-up. This all works fine. I tried to use .htaccess to protect a directory, and I'm pretty sure I did everything right- I found several web tutorials, and they are all similar and fairly straightforward. I read everything at apache.org and even some Mosiac docs. The directory challenges me, my little "message" shows in the box and changes when I change it. I edit the files and do an apachectl stop/start to toggle the server. I get the same error after a third failed attempt: "Authorization Required -This server could not verify that you are authorized to access the document requested. Either you supplied the wrong credentials (e.g., bad password), or your browser doesn't understand how to supply the credentials required." I've fiddled pretty hard with both .htaccess and .htpasswd. I've changed those two files ownerships from root to wwwrun to nobody to root again. I thought I set the Apache logs to "debug" but they don't seem to be recording too much. What kind of problem might I be up against? Thanks!
On Friday 24 August 2001 7:08 pm, Daniel Woodard wrote:
After an embarassing amount of time spent, I am appealing to the list for help.
I have a minimal install of SuSE with Apache/mySQL/PHP4 and some libs set-up. This all works fine.
I tried to use .htaccess to protect a directory, and I'm pretty sure I did everything right- I found several web tutorials, and they are all similar and fairly straightforward. I read everything at apache.org and even some Mosiac docs.
The directory challenges me, my little "message" shows in the box and changes when I change it. I edit the files and do an apachectl stop/start to toggle the server.
I get the same error after a third failed attempt:
"Authorization Required -This server could not verify that you are authorized to access the document requested. Either you supplied the wrong credentials (e.g., bad password), or your browser doesn't understand how to supply the credentials required."
I've fiddled pretty hard with both .htaccess and .htpasswd. I've changed those two files ownerships from root to wwwrun to nobody to root again.
I thought I set the Apache logs to "debug" but they don't seem to be recording too much.
What kind of problem might I be up against?
Thanks!
Let the following script create the files for you to see if things are working: http://www.i01.de/webmaste3.htm Here's the output for test_user (password=test): In order to finish with the password protection of your directory, create a file named .htaccess with the following contents: AuthUserFile /usr/local/httpd/htdocs//.htpasswd AuthName "Passwortgeschuetzter Bereich:" AuthType Basic require valid-user Then create a file named .htpasswd with the following contents: test_user:aaqPiZY5xR5l. Copy these two files to /usr/local/httpd/htdocs/ on your server and this directory should be protected. M
Martin, thanks: I did as shown below, no different than what I've been doing and the same error after three failed log-ins. This example does place .htaccess and .htpasswd in the same directory- I have them in different directories before, but it still acts the same. No example ever mentions permissions, nor have I seen too many set-up more complicated than these example set-ups. If it's not file permissions (ie the server can't access .htpasswd or something) than am I missing something from the install because I did a minimal install and added just a few things to get the web server and ssh working. What's frustrating is that it seem's like it works/behaves corrrectly in everything but verifying the password. This is supposed to be real easy right? I don't see to much fuss in deja or geocrawler, so I guess for the most part it's set the files and go! I'm not so lucky I guess. ---- http://www.i01.de/webmaste3.htm Here's the output for test_user (password=test): In order to finish with the password protection of your directory, create a file named .htaccess with the following contents: AuthUserFile /usr/local/httpd/htdocs//.htpasswd AuthName "Passwortgeschuetzter Bereich:" AuthType Basic require valid-user Then create a file named .htpasswd with the following contents: test_user:aaqPiZY5xR5l. Copy these two files to /usr/local/httpd/htdocs/ on your server and this directory should be protected.
are you using the htpasswd utility? ----- Original Message ----- From: "Daniel Woodard" <schreck@telocity.com> To: "SuSE e" <suse-linux-e@suse.com> Sent: Friday, August 24, 2001 2:13 PM Subject: RE: [SLE] .htaccess (almost)
Martin, thanks:
I did as shown below, no different than what I've been doing and the same error after three failed log-ins. This example does place .htaccess and .htpasswd in the same directory- I have them in different directories before, but it still acts the same.
No example ever mentions permissions, nor have I seen too many set-up more complicated than these example set-ups.
If it's not file permissions (ie the server can't access .htpasswd or something) than am I missing something from the install because I did a minimal install and added just a few things to get the web server and ssh working.
What's frustrating is that it seem's like it works/behaves corrrectly in everything but verifying the password.
This is supposed to be real easy right? I don't see to much fuss in deja or geocrawler, so I guess for the most part it's set the files and go! I'm not so lucky I guess.
----
http://www.i01.de/webmaste3.htm
Here's the output for test_user (password=test):
In order to finish with the password protection of your directory, create a file named .htaccess with the following contents:
AuthUserFile /usr/local/httpd/htdocs//.htpasswd AuthName "Passwortgeschuetzter Bereich:" AuthType Basic require valid-user
Then create a file named .htpasswd with the following contents:
test_user:aaqPiZY5xR5l.
Copy these two files to /usr/local/httpd/htdocs/ on your server and this directory should be protected.
-- To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com For additional commands send e-mail to suse-linux-e-help@suse.com Also check the FAQ at http://www.suse.com/support/faq and the archives at http://lists.suse.com
are you using the htpasswd utility?
Martin's website reference generates .htpasswd for you, but on all my other attempts, I've used htpasswd -c to create them. I've used very simple set-ups, and it almost works, so either there's a big bone in my head, or something very basic is missing. It seems like mod_auth and all that is installed. I've been pretty careful modifying httpd.conf I did spec debug logs in httpd.conf but my var/log/httpd/ does not look like it's being updated, are the logs elsewhere? Sure would love to see a trail of my errors in a log file. thanks everyone... I put about 6 hours into this already, I'm at the laugh/cry stage now.
On Friday 24 August 2001 9:13 pm, Daniel Woodard wrote:
I did as shown below, no different than what I've been doing and the same error after three failed log-ins. This example does place .htaccess and .htpasswd in the same directory- I have them in different directories before, but it still acts the same.
No example ever mentions permissions, nor have I seen too many set-up more complicated than these example set-ups.
If it's not file permissions (ie the server can't access .htpasswd or something) than am I missing something from the install because I did a minimal install and added just a few things to get the web server and ssh working.
What's frustrating is that it seem's like it works/behaves corrrectly in everything but verifying the password.
This is supposed to be real easy right? I don't see to much fuss in deja or geocrawler, so I guess for the most part it's set the files and go! I'm not so lucky I guess.
Could be one of two things: 1. User overrides are disabled. .htaccess is therefore ignored. Check httpd.conf to see if it's disabled: <Directory /> AllowOverride None Options None allow from all </Directory> 2. Security for the server's DocumentRoot is strict. Look for: # This should be changed to whatever you set DocumentRoot to. # <Directory "/usr/local/httpd/htdocs"> ... # This controls which options the .htaccess files in directories can # override. Can also be "All", or any combination of "Options", "FileInfo", # "AuthConfig", and "Limit" # AllowOverride None You need to change the "None" to "All" in both instances, or AllowOverride FileInfo AuthConfig Limit, which is common for home directories. Here's a snippet from the Apache manual on AllowOverride: AllowOverride directiveSyntax: AllowOverride All|None|directive-type [directive-type] ... Default: AllowOverride All Context: directory Status: core When the server finds an .htaccess file (as specified by AccessFileName) it needs to know which directives declared in that file can override earlier access information. When this directive is set to None, then .htaccess files are completely ignored. In this case, the server will not even attempt to read .htaccess files in the filesystem. <-- I think this is what's happening, M. When this directive is set to All, then any directive which has the .htaccess Context is allowed in .htaccess files. The directive-type can be one of the following groupings of directives. AuthConfig Allow use of the authorization directives (AuthDBMGroupFile, AuthDBMUserFile, AuthGroupFile, AuthName, AuthType, AuthUserFile, Require, etc.). FileInfo Allow use of the directives controlling document types (AddEncoding, AddLanguage, AddType, DefaultType, ErrorDocument, LanguagePriority, etc.). Indexes Allow use of the directives controlling directory indexing (AddDescription, AddIcon, AddIconByEncoding, AddIconByType, DefaultIcon, DirectoryIndex, FancyIndexing, HeaderName, IndexIgnore, IndexOptions, ReadmeName, etc.). Limit Allow use of the directives controlling host access (Allow, Deny and Order). Options Allow use of the directives controlling specific directory features (Options and XBitHack). (http://httpd.apache.org/docs-2.0/mod/core.html) M
1. User overrides are disabled. .htaccess is therefore ignored. Check httpd.conf to see if it's disabled:
I did spend the night, so to speak, at apache.org reading directives until the sun came up.
When this directive is set to None, then .htaccess files are completely ignored. In this case, the server will not even attempt to read .htaccess files in the filesystem. <-- I think this is what's happening, M.
Thanks, again. I'm not sure this is it because it does read the .htaccess file and my Realm description changes as I change the .htaccess file. Also the user/password alert box pops up faithfully as well. I suppose all this mostly confirms what I needed to know: 1. there are only 3 files to play with (httpd.conf, .htaccess, .htpasswd) 2. my installation is hosed It's blasphemy, but I guess I'm gonna do a clean install to rid the evil spirits. I'm also running Cold Fusion 5 server, so I'll try .htaccess before I install the CF server, though I don't know why they would not play nice together. While I'm doing my minimal install, is there anything I should be sure to install? The only other things I installed above minimal install are: binutils, compat, bison, flex, ftpdir, gcc, glibc-devel, make, mod_perl, mod_php4, mod_php4_core, mod_ssl, mysql, mysql_client, mysql_devel, mysql_shared, phplib, proftpd. This seems to give me a functioning webserver with mySQL & PHP4. I need "compat" to install CF5. Thanks everyone! PS I'm a video/graphics guy- this Linux thing is a hobby run wild. I've been deploying SuSE Linux in my art shop (SAMBA, netalk, ipchains, ssh2, 3ware raids), but will always admit my admin skillz are hack at best. I was smiling and heaping praise (esp using ssh2 on a W2k machine!) before all this mental torture kicked in.
On Fri, Aug 24, 2001 at 03:08:51PM -0400, Daniel Woodard wrote:
I tried to use .htaccess to protect a directory, and I'm pretty sure I did everything right- I found several web tutorials, and they are all similar and fairly straightforward. I read everything at apache.org and even some Mosiac docs.
<!-- cut -->
I get the same error after a third failed attempt:
<!-- cut -->
What kind of problem might I be up against?
Possible a bug in SuSE 7.2. Did you disable 'mod_auth_nds.c' in /etc/http/suse_addmodule.conf? Regards, Cees.
Yuck. I hate bugs. Especially when they cause me near physical pain! My head! My heart! Soon, my liver! What of this bug? I'll try to look and disable that, but my web research found no mention of anything too out of the ordinary.
What kind of problem might I be up against?
Possible a bug in SuSE 7.2. Did you disable 'mod_auth_nds.c' in /etc/http/suse_addmodule.conf? Regards, Cees.
On Friday 24 August 2001 10:40 pm, Daniel Woodard wrote:
Yuck. I hate bugs. Especially when they cause me near physical pain! My head! My heart! Soon, my liver!
What of this bug? I'll try to look and disable that, but my web research found no mention of anything too out of the ordinary.
What kind of problem might I be up against?
Possible a bug in SuSE 7.2. Did you disable 'mod_auth_nds.c' in /etc/http/suse_addmodule.conf?
I thought I'd check things out on my local set-up. And, it works! But, I did seem to replicate something similar to what you've been experiencing when the path to .htpasswd was incorrect, e.g. AuthUserFile /home/user-id/development/.htpasswd prompted for password but failed because I hadn't specified the correct full path to the directory being protected (/home/user-id/public_html/development). BTW, I used the default httpd.conf file. M
On Sat, Aug 25, 2001 at 04:47:58PM +0000, Martin Webster wrote:
On Friday 24 August 2001 10:40 pm, Daniel Woodard wrote:
Yuck. I hate bugs. Especially when they cause me near physical pain! My head! My heart! Soon, my liver!
What of this bug? I'll try to look and disable that, but my web research found no mention of anything too out of the ordinary.
I don't remember the locataion where I found this information. I entered the error message into Google and found this solution. This bug had me also running around fore some time, until I found that webpage.
I thought I'd check things out on my local set-up. And, it works!
But, I did seem to replicate something similar to what you've been experiencing when the path to .htpasswd was incorrect, e.g. AuthUserFile /home/user-id/development/.htpasswd prompted for password but failed because I hadn't specified the correct full path to the directory being protected (/home/user-id/public_html/development). BTW, I used the default httpd.conf file.
I think you are correct. That was the reason I was looking for faults at the wrong places. When I checked, re-checked, double checked and re-double checked all config files and it still was not working, I turned to Google. Regards, Cees.
On Thursday 30 August 2001 9:15 pm, Cees van de Griend wrote:
On Sat, Aug 25, 2001 at 04:47:58PM +0000, Martin Webster wrote:
On Friday 24 August 2001 10:40 pm, Daniel Woodard wrote:
Yuck. I hate bugs. Especially when they cause me near physical pain! My head! My heart! Soon, my liver!
What of this bug? I'll try to look and disable that, but my web research found no mention of anything too out of the ordinary.
I don't remember the locataion where I found this information. I entered the error message into Google and found this solution.
This bug had me also running around fore some time, until I found that webpage.
I thought I'd check things out on my local set-up. And, it works!
But, I did seem to replicate something similar to what you've been experiencing when the path to .htpasswd was incorrect, e.g. AuthUserFile /home/user-id/development/.htpasswd prompted for password but failed because I hadn't specified the correct full path to the directory being protected (/home/user-id/public_html/development). BTW, I used the default httpd.conf file.
I think you are correct. That was the reason I was looking for faults at the wrong places.
When I checked, re-checked, double checked and re-double checked all config files and it still was not working, I turned to Google.
I did write any of this! Anyway, what's the solution? M
On Thu, Aug 30, 2001 at 10:30:19PM +0000, Martin Webster wrote:
I don't remember the locataion where I found this information. I entered the error message into Google and found this solution.
This bug had me also running around fore some time, until I found that webpage.
I did write any of this! Anyway, what's the solution?
SuSE 7.2 has a bug that disables the use of 'AuthType basic' and 'AuthUserFile' in a .htaccess file. Possible this bug is also active if you use /etc/httpd/httpd.conf and not .htaccess. Put a comment (#) in front of the line with 'mod_auth_nds.c' in the file /etc/httpd/suse_addmodule.conf and restart apache. This worked for me. Regards, Cees.
Martin Wrote:
I did write any of this! Anyway, what's the solution?
Then Cees finally seals the deal:
SuSE 7.2 has a bug that disables the use of 'AuthType basic' and 'AuthUserFile' in a .htaccess file. Possible this bug is also active if you use /etc/httpd/httpd.conf and not .htaccess.
Put a comment (#) in front of the line with 'mod_auth_nds.c' in the file /etc/httpd/suse_addmodule.conf and restart apache. This worked for me.
Daniel Woodard capped with: This worked for me also! Go Cees! This fix is spot-on. I did try some more last week to no avail. I edited out "mod_auth_nds.c" httpd.conf and restarted apache, rewrote .htaccess and .htpasswd and poof! It works for the first time! This is a bug or a conflict or oversight or something! Thanks Cees and Martin!
On Friday 31 August 2001 12:44 am, Daniel Woodard wrote:
Then Cees finally seals the deal:
SuSE 7.2 has a bug that disables the use of 'AuthType basic' and 'AuthUserFile' in a .htaccess file. Possible this bug is also active if you use /etc/httpd/httpd.conf and not .htaccess.
Put a comment (#) in front of the line with 'mod_auth_nds.c' in the file /etc/httpd/suse_addmodule.conf and restart apache. This worked for me.
Glad it's all sorted! M
participants (5)
-
Cees van de Griend -
daniel -
Daniel Woodard -
Daniel Woodard -
Martin Webster