Solved

How to Implement Apache Digest Authentication

Posted on 2009-05-14
Last Modified: 2012-05-07
I decided to repost this, because I had accidentally assigned it to the wrong zone(s).

I am looking to password protect my entire www directory.  I am assuming that by protecting the root directory, all sub directories will in turn be password protected.  If I'm wrong on that, please let me know.  I have read a little bit about this, but I cannot make it work for me.  Here's what I've done:

I have created a .htpasswd file located in c:\wamp\pass. It looks like this:
propmain32:realm:a913a91c2c1fb7c19f23a96bab0d45aa

I created an .htaccess file located in the www root dir which looks like this:
AuthDigestFile c:/wamp/pass
AuthType Digest
AuthName "propmain23"
Require user test

I uncommented this line in my .conf file:
LoadModule auth_digest_module modules/mod_auth_digest.so

I am not getting any results after I restart my server.  My page still loads up without a password prompt. I'm sure it's something stupid that I'm doing; please let me know what I need to do.  Thanks for reading.
0
Question by:thedeal56
10 Comments
 
LVL 29

Accepted Solution

by:
Michael W earned 500 total points
ID: 24397868
0
 

Author Comment

by:thedeal56
ID: 24398411
I followed the steps in that example, and I am now seeing an internal server error.  Here's the message in the error log:
C:/wamp/www/.htaccess: Invalid command 'AuthDigestFile', perhaps misspelled or defined by a module not included in the server configuration

Thanks for helping me out.
0
 

Author Comment

by:thedeal56
ID: 24398459
Oh yeah....Here's the revised .htaccess:

AuthDigestFile /wamp/pass/.htpasswd
AuthType Digest
AuthName "propmain"
AuthDigestDomain  http://www3.murfreesborotn.gov/
AuthDigestNonceLifetime 300
require valid-user

I'm still confused on how to include the path to the password file.  Every example I see starts out like /somedir/someotherdir/. Which path is this relative to?  What comes before the first slash?  Should I read it like c:/somedir/someotherdir/ or is it assuming that it's in my www dir?  If so, should I read it like www/somedir/someotherdir?
0
 

Author Comment

by:thedeal56
ID: 24398514
I changed AuthDigestFile to AuthUserFile.  Now I can get the password screen, but it will not accept my username and pass.  I've got a feeling it has something to do with the path to the password file.
0
 

Author Comment

by:thedeal56
ID: 24398647
Alright, I got the previous problems figured out.  Now, my error log says this:

Digest: user propmain32: password mismatch: /

I was pretty sure that I made the password file correctly, but I'll give it another shot and see what I can come up with.  Here's the new pw file:

propmain32:TEST:TYXPw93quICfE
0
 
LVL 29

Expert Comment

by:Michael W
ID: 24398684
When you use 'AuthUserFile', the AuthType must be 'Basic' not Digest.

0
 

Author Comment

by:thedeal56
ID: 24399451
Ok, I got it worked out.  Thanks for your help.
0
 

Author Comment

by:thedeal56
ID: 24399459
Oh, sorry.  I didn't see your last post.  I was looking to use Digest.  I read that it was a little more secure.  Is it a good idea to use Digest?
0
 
LVL 29

Expert Comment

by:Michael W
ID: 24399504
Yes, Digest uses MD5 for the password scheme.
0
 

Author Comment

by:thedeal56
ID: 24399552
Here's my current, working .htaccess file:

AuthUserFile /pass/.htpasswd
AuthType Digest
AuthName "TEST"
AuthDigestDomain  http://www3.murfreesborotn.gov/
AuthDigestNonceLifetime 300
require valid-user

I'm using AuthUserFile instead of AuthDigestFile, but my AuthType is still Digest.  It appears to be working, but am I actually protecting my page using Digest since I'm not using AuthDigestFile?
0
