Authentication configurations

Posted on 2006-05-26
Last Modified: 2010-08-05
Hello All,

I want to password protect some directories on my apache server. I am running apache 2.0. I have followed the documentation for authenticating by username but when prompted for user name and password it still gets rejected. I even tried a very simple password but it is still rejected. I'm not sure what else to look at. Here is the config for the directory:

<Directory "/var/www/html/stuff">
        AuthType Basic      
        AuthName "Stuff"
        AuthUserfile /var/www/secrets/secret
        Require user secretuser    

Also what are better ways to secure directories? I am not using .htaccess files.

Question by:GR999
    LVL 10

    Expert Comment

    Did you use htpasswd to create your user file?

    When you look at the contents of the file that AuthUserfile points to, do you see something like the examples below?


    Or are you using a plaintext password file?


    What platform are you running on?  If attempting to use plaintext passwords, this can only be done on Windows (not cygwin), Netware, and TPF.

    Are there more specific messages in the Apache error log?

    Author Comment

    Sorry, I am running Fedora Core 4. My passwords are not plaintext. They are like the first one:


    Hmmm ok in error_log I get this, not sure why.

    (13)Permission denied: Could not open password file: /var/www/secrets/secret

    Who should have permission? Just root or apache also chmod 700, 770, 774?

    What is the best way to password protect directories?

    LVL 10

    Accepted Solution

    The apache user/group in your httpd.conf is the user that needs permission.  What exactly the permissions mode will look like of course depends on who the owner of the file is.

    Since you are running Fedora Core 4, you may have to worry about SELinux preventing Apache from reading files as well. (

    There is not one "best" way to password protect directories -- it comes down to what you consider to be "best".  Easiest setup?  Highest security?  Least effort to maintain?  Most convenient for users?


    Author Comment

    Thank you! Just chgrp to apache and works fine. Thanx.

    Featured Post

    What Is Threat Intelligence?

    Threat intelligence is often discussed, but rarely understood. Starting with a precise definition, along with clear business goals, is essential.

    Join & Write a Comment

    Suggested Solutions

    Introduction As you’re probably aware the HTTP protocol offers basic / weak authentication, which in combination with the relevant configuration on your web server, provides the ability to password protect all or part of your host.  If you were not…
    Over the last year I have answered a couple of basic URL rewriting questions several times so I thought I might as well have a stab at: explaining the basics, providing a few useful links and consolidating some of the most common queries into a sing…
    In this sixth video of the Xpdf series, we discuss and demonstrate the PDFtoPNG utility, which converts a multi-page PDF file to separate color, grayscale, or monochrome PNG files, creating one PNG file for each page in the PDF. It does this via a c…
    In this seventh video of the Xpdf series, we discuss and demonstrate the PDFfonts utility, which lists all the fonts used in a PDF file. It does this via a command line interface, making it suitable for use in programs, scripts, batch files — any pl…

    729 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    21 Experts available now in Live!

    Get 1:1 Help Now