Authentication problems 2003-12-12 - By Boyle Owen
> -----Original Message-----
> From: Stephen Hardisty [mailto:shardisty@(protected)]
>
> >> <Directory /var/www/html/blah>
> >> AllowOverride AuthConfig
> >> AuthUserFile /var/www/html/blah/.htpasswd
> >> AuthName "Blah login"
> >> AuthType Basic
> >> require valid-user
> >> order deny,allow
> >> </Directory>
There is a misunderstanding here. There are two ways to achieve
authentication and you are mixing them up so I am not suprised you have
problems. The ways are:
1) Put the Auth* directives directly in the httpd.conf in a directory
container. If you do this, you don't need "AllowOverride AuthConfig".
2) Put the Auth* directives in a .htaccess file in the directory to be
protected. If you do this you must have at least "AllowOverride
AuthConfig" to allow apache to read and act upon Auth* directives found
in a .htaccess file.
You are mixing the two.
Let's stick with 1) for the minute:
- change the "AllowOverride AuthConfig" above to "AllowOverride None".
This will specifically *prevent* apache from reading any .htaccess files
which may contain conflicting directives. Then only the directives in
httpd.conf will have effect.
- the "order deny,allow" line on its own doesn't do anything. Remove it
for the moment.
It should then work.
Note that the browser will cache a user/pass and use it automatically in
future requests to the dir. So if you are testing this, you will have to
keep killing and restarting your browser to clear its cache.
Read also the docs for AllowOverride - it is not just for
authentication, you know.
Rgds,
Owen Boyle
Disclaimer: Any disclaimer attached to this message may be ignored.
> >>
> >> No matter what I put in here (and I've tried loads of
> combinations),
> >> nothing happens. I'm going to have a fit soon I think. Is there
> >> anything that turns off authentication or am I just doing something
> >> dumb? FYI, I'm using Apache 2.0.40.
>
> >
> >Otherwise, edit that directory block to contain:
> >
> > Order allow,deny
> > Deny from all
>
> Hi, tried that, restarted etc. still nothing. Above that
> section I have the following entries that might be causing
> problems but I don't see how or why:
>
> <Directory />
> Options FollowSymLinks
> AllowOverride None
> Order Deny,Allow
> Deny from all
> </Directory>
>
> <Directory "/var/www/html">
> Options Indexes FollowSymLinks
> AllowOverride None
> Order Deny,Allow
> Deny from all
> Allow from xxx.xxx.xx
> </Directory>
>
> I've tried setting AllowOverride to All on these, but still
> nothing. Is there some way of just turning authentication
> off? A module not loaded or added perhaps? AGGH!
>
> Cheers!
>
> ______________________________________________________________
> __________
> This email has been scanned for all viruses by the MessageLabs Email
> Security System. For more information on a proactive email security
> service working around the clock, around the globe, visit
> http://www.messagelabs.com
> ______________________________________________________________
> __________
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP
> Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@(protected)
> " from the digest: users-digest-unsubscribe@(protected)
> For additional commands, e-mail: users-help@(protected)
>
>
Diese E-mail ist eine private und pers?nliche Kommunikation. Sie hat
keinen Bezug zur B?rsen- bzw. Gesch?ftst?tigkeit der SWX Gruppe. This
e-mail is of a private and personal nature. It is not related to the
exchange or business activities of the SWX Group. Le pr?sent e-mail est
un message priv? et personnel, sans rapport avec l'activit? boursi?re du
Groupe SWX.
This message is for the named person's use only. It may contain
confidential, proprietary or legally privileged information. No
confidentiality or privilege is waived or lost by any mistransmission.
If you receive this message in error, please notify the sender urgently
and then immediately delete the message and any copies of it from your
system. Please also immediately destroy any hardcopies of the message.
You must not, directly or indirectly, use, disclose, distribute, print,
or copy any part of this message if you are not the intended recipient.
The sender's company reserves the right to monitor all e-mail
communications through their networks. Any views expressed in this
message are those of the individual sender, except where the message
states otherwise and the sender is authorised to state them to be the
views of the sender's company.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@(protected)
" from the digest: users-digest-unsubscribe@(protected)
For additional commands, e-mail: users-help@(protected)
|
|
