> -----Original Message----- > From: Jon Forrest [mailto:jlforrest@xxxxxxxxxxxx] > Sent: Thursday, November 15, 2007 2:02 AM > To: users@xxxxxxxxxxxxxxxx > Subject: Problem With Password Protection in Apache 2.2 > > I need to setup password controlled access to a directory managed > by an Apache 2.2 server running on Solaris 10. I'm trying to > do it by putting the necessary directives in my httpd.conf > file rather than using an .htaccess file. > > I have the following in the appropriate VirtualHost section of my > httpd.conf file: > > ----------------- > DocumentRoot /users/chemweb/apache2/http-cchem/htdocs > <Directory /users/chemweb/apache2/http-cchem/htdocs/admittedstudent> > AuthType Basic > AuthName "Restricted Files" > AuthUserFile > /users/chemweb/apache2/http-cchem/htdocs/admittedstudent/.htpasswd > <Limit GET> > Require user gsportal AdmittedStudent > </Limit> > </Directory> > ------------------ > > The .htpassword file specified in the AuthUserFile directive > exists, and contains: - what *exactly* is the name of the file? In the config snippet it is called ".htpasswd", but above you call it ".htpassword". > > The directory on the Directory line exists:, e.g. > > % ls -d /users/chemweb/apache2/http-cchem/htdocs/admittedstudent > /users/chemweb/apache2/http-cchem/htdocs/admittedstudent - it exists from that shell, but does it exist from the shell that apache is running in? (looks like a mounted dir, to me..) - what are the read permissions on the file, can apache read it? Couple of other points: - password file is in the same dir as the content. So anyone can access it. Are you OK about that? - Require directive is limited to GET requests. So you don't mind if people without a password access the content via POST requests? Rgds, Owen Boyle Disclaimer: Any disclaimer attached to this message may be ignored. > > > When I go to http://www.cchem.berkeley.edu/admittedstudent/ > I'm not asked for a password. Instead, I get a 500 Internal > Server Error. My > error log says: > > configuration error: couldn't check user. No user file?: > /admittedstudent/ > > What's weird is that I get this message even if I comment out the > AuthUserFile directive. > > The rest of the web site seems to be working fine. What am I > doing wrong? > > Cordially, > -- > Jon Forrest > Unix Computing Support > College of Chemistry > 173 Tan Hall > University of California Berkeley > Berkeley, CA > 94720-1460 > 510-643-1032 > jlforrest@xxxxxxxxxxxx > > --------------------------------------------------------------------- > The official User-To-User support forum of the Apache HTTP > Server Project. > See <URL:http://httpd.apache.org/userslist.html> for more info. > To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx > " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx > For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx > This message is for the named person's use only. It may contain confidential, proprietary or legally privileged information. No confidentiality or privilege is waived or lost by any mistransmission. If you receive this message in error, please notify the sender urgently and then immediately delete the message and any copies of it from your system. Please also immediately destroy any hardcopies of the message. You must not, directly or indirectly, use, disclose, distribute, print, or copy any part of this message if you are not the intended recipient. The sender's company reserves the right to monitor all e-mail communications through their networks. Any views expressed in this message are those of the individual sender, except where the message states otherwise and the sender is authorised to state them to be the views of the sender's company. --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|