Apache not able to authenticate using digest

I've setup Apache to use digest, but everytime I try to connect to whichever resource, I keep getting prompted for the username and password
the error log reads this:
"access to /WHEREVER failed, reason: require directives present and no Authoritative handler"

This is what I have in each Directory directive:

AllowOverride AuthConfig
AuthType Digest
AuthName whatever
AuthUserFile "C:/Program Files/Apache Software Foundation/Apache2.2/htdocs/passwd/.digest"
Require valid-user

Adding the AuthDigestDomain and AuthDigestProvider directives to this but that made no difference

AH!....I'm on Windows XP BTW
JayneBRAsked:
Who is Participating?
 
rokovConnect With a Mentor Commented:
Hi!
Sorry for late response...
After having a look at your config, things become a bit clearer. Though I have not found any errors there, it helped answering some questions...

>when I go to my site, I'm greeted with a password
This happened because your root directory (C:/Documents and Settings/me/documents/www/wwwroot) is a subdirectory of C:/Documents and Settings/me/documents. So authentication settings configured for it will be applied to its subdirectories (http://httpd.apache.org/docs/2.2/sections.html). That's why you get prompted for password.

Assuming that authentication succeded that time,  I suggest you to look at your .digest file again. Check that you created users in each realm (AuthName) used in the config (realm is the second field in file, file is colon-delimited).

>Alright...so i'm thinking of just nixing the documents directory......and I need to make sure the authname for every directory directive is the same...
As for me this is a good idea. Unless you have any reason to use different credentials for different parts of the site. BTW, in this case you don't need to setup authentication for each subdirectory. However I recommend to move documentroot outside of the restricted area of your site, if you want to have public documents there.

0
 
rokovCommented:
Do you have mod_authz_user loaded? httpd -l to check?
0
 
JayneBRAuthor Commented:
Yes.
0
The 14th Annual Expert Award Winners

The results are in! Meet the top members of our 2017 Expert Awards. Congratulations to all who qualified!

 
rokovCommented:
AuthUserFile should be AuthDigestFile according to http://httpd.apache.org/docs/2.0/mod/mod_auth_digest.html
0
 
JayneBRAuthor Commented:
Yes. Perhaps in v2.0 but I'm inclined to follow http://httpd.apache.org/docs/2.2/mod/mod_auth_digest.html. Regardless, I tried AuthDigestFile and 'httpd -t' failed because of it.
I'm so confused! hehe....Basic authentication works btw, if it's of any importance.
0
 
rokovCommented:
I've tested your configuration on apache 2.0 on Linux (with AuthDigestFile instead of AuthUserFile) and it works... I'm running out of ideas...
The last guess is to comment out AllowOverride AuthConfig to prevent override settings from .htaccess files (if you have any).
BTW, if you try to authenticate with non-existing user name, will you get the same error message?
0
 
rokovCommented:
One more suggestion: have you used htdigest to create password file? Or htpasswd?
0
 
JayneBRAuthor Commented:
I commented out AllowOverride...same error message....tried loggin in with non existant user...error read user didn't exist..so that's good......and yes I used htdigest......
:(

0
 
JayneBRAuthor Commented:
OOOOOOK....hmm...alright I just ran into a weird problem...but uh let me back track and explain my setup a bit further......OK:
My DocumentRoot is in a subdirectory of "My Documents"
I have 8 additional directories specified in a seperate conf file
One of the directories I have specified happens to be "My Documents" (potential problem I'm thinking)
6 others are subdirectories of "My Documents"
1 other is not a subdirectory

To try protecting the directories with Digest....I added:

AllowOverride AuthConfig
AuthType Digest
AuthName whatever
AuthUserFile "C:/Program Files/Apache Software Foundation/Apache2.2/htdocs/passwd/.digest"
Require valid-user

to two of the 6 subdirectories under "My Documents"
each had a different AuthName

I couldn't log in to either..and kept getting that error message......but assuming my directives were fine..I amended each of the 8 directives with one of the two that I had configured...except one that I want to make public(it happens to be a subdirectory of "My Documents")

Alright so after doing that and restarting Apache......when I go to my site, I'm greeted with a password dialogue!...WTF....I don't have that set in my DocumentRoot directive......but, nevertheless, I'm able to login and I ahve access to the site in its entirety

So...a little closer to a solution I suppose.....Hmm...

0
 
JayneBRAuthor Commented:
OK....if I take Digest protection off the "My Documents" directive, I'm not greeted by the password dialogue when going to the root of my site.....and any other directory prompts and acceptsvalid user/pass combos....Hmm..
0
 
JayneBRAuthor Commented:
Sheesh....does Apache have any other authentication schemes other than Basic and Digest ?!?!?

:(
0
 
rokovCommented:
I'm completely confused wiht your last posts.
Looks like authentication is not working where it is explicitly configured and works fine where it is not configured at all? WTF!!!

>I'm able to login and I ahve access to the site in its entirety
What you have in logs when authentication succeded?
Can you post you all Directory sections configuration?

BTW I've tested digest authentication on apache 2.2.6 (unfortunately, on Linux again) and get it to work without any problems. I've attached part of working config related to authentication including some modules which I uncommented.

Try changing your config to as simple as that. Will it give the same error?

Have you tried different version of apache?

...almost missed this...
>does Apache have any other authentication schemes other than Basic and Digest
Unfortunately, no.

LoadModule auth_basic_module modules/mod_auth_basic.so
LoadModule auth_digest_module modules/mod_auth_digest.so
LoadModule authz_user_module modules/mod_authz_user.so
 
DocumentRoot "/var/www/localhost/htdocs"
 
<Directory "/var/www/localhost/htdocs">
	Options Indexes FollowSymLinks
 
	AuthType Digest
	AuthName xxx
	AuthUserFile /var/www/localhost/htdocs/digest
	Require valid-user
	
	
	Order allow,deny
	Allow from all
</Directory> 
 
This is the content of /var/www/localhost/htdocs/digest - password is 321
vasya:xxx:5d7b10fcae6fa9e6cc60c0ea728c695d

Open in new window

0
 
JayneBRAuthor Commented:
Thanks for the feedback...As soon as I get home today I'll post my httpd.conf along with directories conf file.
0
 
JayneBRAuthor Commented:
OK I've attached httpd.txt, modules.txt and directories.txt
httpd.txt
modules.txt
directories.txt
0
 
JayneBRAuthor Commented:
Alright...so i'm thinking of just nixing the documents directory......and I need to make sure the authname for every directory directive is the same...this will have to do I guess......any other suggestions ?
0
 
JayneBRAuthor Commented:
Thank you rokov!
0
 
JayneBRAuthor Commented:
<3
0
All Courses

From novice to tech pro — start learning today.