Authentication problems 2005-01-16 - By Alan Lloyd [Hosting Reserve]
Leif W wrote:
> With all the information provided, there is definitly some pieces missing.
>
> A few things in the httpd.conf file look odd at the very end.
>
> LoadModule suexec_module modules/mod_suexec.so
>
> Include /etc/httpd/conf/httpd.include
>
> AddType text/html .shtml
Yes there are there for a reason. The reason I did not mention them is
they are nothing to do with the problem I have.
>
> First of all, what are the contents of the httpd.include file? Every
> time you include external config files, you must think of it all in
> terms of one big file with everything included recursively (i.e. if that
> httpd.include file includes yet another something.conf, a scenario I use
> regularly), because that is how it will appear to Apache.
I know. The contents are fine just the VirtualHosts for my domains.
> Second, it seems odd to have this stray LoadModule at the end. I am not
> sure if there is still some importance for the order of module loading.
Again, its not relavant to the problem.
> In any case, it is usually much more helpful when debugging in the
> future, if all your LoadModules are in a central location, or
> assosciated with specific conf files and IfModule or IfDefine
> conditions. Same for the AddType. It's easier to keep track of
> everything when you group them. It's your choice though.
>
> Ok, about the error logs, you post one error log, but it may or may not
> even be the RIGHT error log. That would appear to be the main server
> error log.
I DID say that in the original post! There is NO information logged. NOT
EVEN A SUCESSFULL REQUEST. The log I posted is the ONLY log to contain
any information with the right timestamp!!!
It indicates that you have multiple bogus or otherwise
> misconfigured SSL certificates. I would fix that first to rule out any
> problems if you're trying to do the basic auth over SSL/TLS. This may
> not be critical, as the errors seem to be about Common Name mismatches,
> which usually only cause browser notifications. But when you have
> multiple non-critical errors working together, funky things might happen
> with no clear culprit. But that's just my opinion to resolve them though.
>
> Does that httpd.include file define VirtualHosts, specifically one for
> tor-bay.co.uk? Does it have it's own error and access logs? You need
> to post the relevent bits from the relevant log files.
No see above or first post. What is the point of me posting a log with
no relevant entries??? I am a bit confused as to what you want to see.
>
> Most importantly, where is the stuff you're trying to put into .htaccess
> files or Directory blocks? Just saying "it doesn't work" is useless if
> you don't say what "it" you're trying to do and what "it" the server is
> having a problem with.
Again please refer to my first post. I am tring to password protect a
directory! I think i did a bit more than just say "it doesn't work" I
explained in as much detail as I could the problem I had.
> And finally, there is absolutely no guarantee that one .htpasswd file
> will work with another server. I've used Apache 2, same exact version,
> to generate htpasswd files on Win32 with MD5 and Linux with crypt, and
> the two do not always work correctly on each server. Try using
> natively-generated .htpasswd file with test username and password, to
> rule that out as a possible problem.
Its fine. I have re generated the .htpasswd file quite a few times.
> Though this is NOT where your problem is currently.
Yep i kind of know that much :)
The symptom of this problem is that you get an
> auth pop up dialog (which you don't even have yet), you give the correct
> username and password, and Apache tells you it's bad. First you need to
> fix the pop up problem, which I think might be caused by a broken
> .htaccess config.
What do you mean. You go in to lots of detail about stuff that's not
even relevant. But when it gets down to it nada. Oh well. ;)
The htaccess files syntax is correct. What else is there. If I add any
other directives they work. Just not authentication.
Thanks for taking the time to look though.
Alan
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@(protected)
" from the digest: users-digest-unsubscribe@(protected)
For additional commands, e-mail: users-help@(protected)
|
|
