###
AuthUserFile should have a full path unless it is in the /etc/apache/ directory (or whatever server root is)
###
the httest file should be named .httest so that the built in deny rules in apache prevent users from downloading it and "cracking" the passwords.. also should NEVER be directly in a web accessable fodler.
Tommy
--On Friday, December 06, 2002 06:03:16 AM -0500 Keith Winston <kwinston@twmi.rr.com> wrote:
On Thu, 2002-12-05 at 22:47, brooks@kelley.net wrote:Have run into an interesting problem with username athentication in Apache 2.0. Don't know why since I have followed the syntax I have always followed which worked with out an issue. This is what I have in my httpd.conf file in a Virtual Host so I can keep it away from my dmz host. # BTW, The names of the real files have been changed # to protect the innocent penguin's that I will # place my super secret files into. <Directory "/var/www/secret" > AllowOverRide All AuthType Basic AuthUserFile httest Authname "Super Secret Site, Trust Me!" require valid-user </Directory> Then I created a simple file with htpasswd with a user named admin whose password is admin to test this configuration. Created with htpasswd -c /var/html/secret/httest admin my file "httest" looks like admin:.cz.qh01LXwVY brooks:brooksAre you sure apache can read your authfile at /var/html/secret/httest? You might want to put the full path in your AuthUserFile statement: AuthUserFile /var/html/secret/httest And check the permissions on the path and file. The user "apache" will need read access to the file. Best Regards, Keith -- LPIC-2, MCSE, N+ We drive on this highway of fire Got spam? Get spastic http://spastic.sourceforge.net -- Psyche-list mailing list Psyche-list@redhat.com https://listman.redhat.com/mailman/listinfo/psyche-list
-- Tommy McNeely -- Tommy.McNeely@Sun.COM Sun Microsystems - IT Ops - Broomfield Campus Support Phone: x50888 / 303-464-4888 -- Fax: 720-566-3168 -- Psyche-list mailing list Psyche-list@redhat.com https://listman.redhat.com/mailman/listinfo/psyche-list
