Re: htpasswd weirdness - SOLVED

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Sun, 2023-04-30 at 06:10 +0930, Tim via users wrote:
> On Sat, 2023-04-29 at 17:39 +0100, Patrick O'Callaghan wrote:
> > In *some" cases, usernames are added to the password file, and the
> > password verifies correctly (using 'htppasswd -v ...'), but Apache
> > still throws an error, e.g.:
> > 
> > [Sat Apr 29 17:12:10.790251 2023] [authz_core:error] [pid 17622:tid
> > 17769] [client 82.69.61.82:40716] AH01631: user notatest:
> > authorization failure for "/": 
> > 
> > (NB: "authorization failure", not "authentication failure" as with
> > a
> > password mismatch.)
> 
> Further thoughts...  That error sound backwards.
> 

I figured it out, see below.

> A password mismatch ought to be authorisation failure (you are not
> authorised).  An authentication failure would be some other problem
> (it
> can't do the authentication).
> 

I don't think so. Authentication is about identifying the user,
authorisation is deciding what they can do.

> Are all the failures for trying to access the same thing?

Yes, and so are the successes.

> The .htpasswd file should be outside of the webserving tree.  Are you
> sure you're only using one file, or are correctly specifying the
> right one?

Yes and yes.

> The .htaccess files which mention which .htpasswd file to use should
> use the full filepath to the .htpasswd file.  And mention the correct
> type of authentication being used (bearing in mind that only some
> methods are actually usable).  And you have to use the same scheme
> when
> creating the passwords.
> 
> AuthType Basic
> AuthName "Secure space"
> AuthUserFile /var/www/.htpasswd
> Require valid-user
> Satisfy All

The problem is that I was specifying a Group file and had Require
Group. Any user not in the Group file would fail. I've removed that
requirement and it works now.

Frankly, the Apache error log could be more informative ...

(BTW "Satisfy All" is no longer necessary. It's supported for backward
compatibility.)

Thanks again.

poc
_______________________________________________
users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/users@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [EPEL Devel]     [Fedora Magazine]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Desktop]     [Fedora Fonts]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Fedora Sparc]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux