Re: htpasswd weirdness

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Sat, 2023-04-29 at 17:39 +0100, Patrick O'Callaghan wrote:
> In *some" cases, usernames are added to the password file, and the
> password verifies correctly (using 'htppasswd -v ...'), but Apache
> still throws an error, e.g.:
> 
> [Sat Apr 29 17:12:10.790251 2023] [authz_core:error] [pid 17622:tid 17769] [client 82.69.61.82:40716] AH01631: user notatest: authorization failure for "/": 
> 
> (NB: "authorization failure", not "authentication failure" as with a
> password mismatch.)

Further thoughts...  That error sound backwards.

A password mismatch ought to be authorisation failure (you are not
authorised).  An authentication failure would be some other problem (it
can't do the authentication).

Are all the failures for trying to access the same thing?

The .htpasswd file should be outside of the webserving tree.  Are you
sure you're only using one file, or are correctly specifying the right
one?

The .htaccess files which mention which .htpasswd file to use should
use the full filepath to the .htpasswd file.  And mention the correct
type of authentication being used (bearing in mind that only some
methods are actually usable).  And you have to use the same scheme when
creating the passwords.

AuthType Basic
AuthName "Secure space"
AuthUserFile /var/www/.htpasswd
Require valid-user
Satisfy All

Have you looked through Apache's own docs regarding it?
e.g. https://httpd.apache.org/docs/2.4/programs/htpasswd.html
 
-- 
 
NB:  All unexpected mail to my mailbox is automatically deleted.
I will only get to see the messages that are posted to the list.
 
The following system info data is generated fresh for each post:
 
uname -rsvp
Linux 6.2.8-100.fc36.x86_64 #1 SMP PREEMPT_DYNAMIC Wed Mar 22 19:14:19
UTC 2023 x86_64
_______________________________________________
users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/users@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [EPEL Devel]     [Fedora Magazine]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Desktop]     [Fedora Fonts]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Fedora Sparc]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux