sgaucho

http authentication

Hi,
I am trying to implement basic http authentication for my webpages. I am running Apache on a win2k pc.

I edited httpd.conf, setting AllowOverride All, created a .htaccess file in the web dir, and ran htpasswd to create a users file.

So far everything went fine, and when I try to access the homepage of the web dir, I get the authentication window, BUT none of the usernames/passwords are accepted. The site and realm all show up fine, but the users info is not being validated OK. What is the problem??

thnx in adv,
sgaucho
jsignal

Have you double checked the encrypted passwords are correct in your .htaccess file?  That's the obvious first thing to check.
Could you post your .htaccess?

Docs: http://httpd.apache.org/docs/howto/auth.html
sgaucho

ASKER

Hi,

afaik, I have followed the instructions to the last detail as provided with the Apache docs; however, they all pertain to Apache running on Linux, not on Windows. I had http auth working fine on Linux some time ago.

my .htaccess  :

AuthType Basic
AuthUserFile C:\apache\bin\users.txt
AuthName "etax"
Require valid-user

P.S.: note, it's users.txt and not users. If I put just users, nothing works...

any suggestions??
thnx,
sg
sg,

this is what I had on my Win2K machine;
--------
AuthType                Basic
AuthName                "My access"
AuthUserFile            "C:/Websites/.htpasswd"
AuthAuthoritative       on
require                 valid-user
Satisfy                 any
-------

And make sure your c:\apache\bin\users.txt is created using htpasswd.exe.

And make sure you had (at least):
AllowOverride AuthConfig
in the Directory (or resource) where you need to limit access.  By default it was set to None. (When this directive is set to None, then .htaccess files are completely ignored. In this case, the server will not even attempt to read .htaccess files in the filesystem.)

http://httpd.apache.org/docs/mod/core.html#allowoverride
sgaucho

ASKER

Hi Samri,

I followed your suggestions but nothing yet. I have set AllowOverride ALL.

Further, please clarify a couple of things:
1. AuthUserFile should have the path to the file containing the usernames and passwords, right? Not the .htpasswd??

2. the .htaccess file i created was like this:
 opened notepad,
 inserted the lines,
 saved the file as ".htaccess" (without a filename)

That's it. Is this OK??
thnx,
sg
1. The AuthUserFile should be the file that has user:encrypted password.  On my system this is what I had.

C:\Websites>more .htpasswd
user1:$apr1$R61.....$LPLfgBsj2uafu4IVbak/.1
user2:$apr1$kf5.....$ToZz282U.6sqHjQEwbErc0
user2:$apr1$gF/.....$ZyHR9zT9PnfBFY6FXpmZb1


2.  You need to create this file using htpasswd.exe which comes with apache.  For apache 1.3 look in c:/program files/apache group/apache/bin/

Some docs on htpasswd:
C:\Program Files\Apache Group\apache\bin>htpasswd
Usage:
        htpasswd [-cmdps] passwordfile username
        htpasswd -b[cmdps] passwordfile username password

        htpasswd -n[mdps] username
        htpasswd -nb[mdps] username password
 -c  Create a new file.
 -n  Don't update file; display results on stdout.
 -m  Force MD5 encryption of the password (default).
 -d  Force CRYPT encryption of the password.
 -p  Do not encrypt the password (plaintext).
 -s  Force SHA encryption of the password.
 -b  Use the password from the command line rather than prompting for it.
On Windows, TPF and NetWare systems the '-m' flag is used by default.
On all other systems, the '-p' flag will probably not work.

C:\Program Files\Apache Group\apache\bin>

---
So the first time you would be using:
htpasswd -c .htpasswd username
----
C:\Program Files\Apache Group\apache\bin>htpasswd -c .htpasswd samri
Automatically using MD5 format on Windows.
New password:
Re-type new password:
Adding password for user samri

C:\Program Files\Apache Group\apache\bin>
---
For adding/modifying a user (subsequently), just do not use the -c switch.  To delete, just open the file and delete the line that you want to delete.  The file is a standard text file.

I hope this helps.
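
An offline check of the password file discussed in the replies above, as an added example (not code from the thread or from Apache): it recomputes the `$apr1$` MD5 hash that htpasswd writes by default on Windows, reports whether a given password matches the stored line, and flags two file problems that make a correct password fail. The function names, the sample file and the rule that the first matching line is the one used are assumptions of this example.

```python
import hashlib, hmac

ITOA64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"

def apr1(password: bytes, salt: bytes) -> str:
    """Apache $apr1$ hash: the MD5-crypt construction with magic '$apr1$'."""
    alt = hashlib.md5(password + salt + password).digest()
    ctx = hashlib.md5(password + b"$apr1$" + salt)
    ctx.update((alt * (len(password) // 16 + 1))[:len(password)])
    n = len(password)
    while n:
        ctx.update(b"\0" if n & 1 else password[:1])
        n >>= 1
    final = ctx.digest()
    for i in range(1000):  # fixed 1000-round stretch
        r = hashlib.md5(password if i & 1 else final)
        if i % 3: r.update(salt)
        if i % 7: r.update(password)
        r.update(final if i & 1 else password)
        final = r.digest()
    out = ""
    for a, b, c in ((0, 6, 12), (1, 7, 13), (2, 8, 14), (3, 9, 15), (4, 10, 5)):
        v = final[a] << 16 | final[b] << 8 | final[c]
        out += "".join(ITOA64[v >> s & 63] for s in (0, 6, 12, 18))
    out += ITOA64[final[11] & 63] + ITOA64[final[11] >> 6]
    return "$apr1$" + salt.decode() + "$" + out

def audit(data: bytes, user: str, password: str) -> list:
    """Findings for `user` in raw password-file bytes (file read in binary)."""
    notes = []
    if data[:3] == b"\xef\xbb\xbf" or data[:2] in (b"\xff\xfe", b"\xfe\xff"):
        notes.append("byte-order mark: file was re-saved by a text editor")
    rows = [l.split(":", 1) for l in data.decode("latin-1").splitlines()
            if ":" in l and not l.startswith("#")]
    hits = [h for u, h in rows if u == user]
    if not hits:
        return notes + ["user not found"]
    if len(hits) > 1:  # assumption: lookup stops at the first matching line
        notes.append("duplicate entries: first one wins")
    stored = hits[0]
    if not stored.startswith("$apr1$"):
        return notes + ["not an $apr1$ entry: not checked here"]
    calc = apr1(password.encode(), stored.split("$")[2].encode())
    ok = hmac.compare_digest(calc.encode(), stored.encode())
    return notes + ["password matches" if ok else "password does NOT match"]

# Constructed sample (not from the thread): two lines for the same user.
SAMPLE = ("alice:" + apr1(b"s3cret", b"AbCd1234") + "\n"
          "alice:" + apr1(b"other", b"ZyXw9876") + "\r\n").encode()
```

To check a real file, read it with `open(path, "rb").read()` using the same path given to AuthUserFile and pass the bytes to `audit()`.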
sgaucho

ASKER

Yes, that's exactly what I had done... the file I am referring to, users.txt, has some key-value pairs, I mean, username:md5 encrypted password.

The authentication window just doesn't accept my password!

Any more suggestions? Can you please send me the exact lines to be altered in the httpd.conf file?? I would like to crosscheck again.

thnx much,
sg
Are you running IIS in the background or is this a dual boot system?
sgaucho

ASKER

I have IIS installed but it's currently shut down, and no, this is not a dual boot system.
ASKER CERTIFIED SOLUTION
samri