Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1262
  • Last Modified:

How to Implement Apache Digest Authentication

I decided to repost this, because I had accidentally assigned it to the wrong zone(s).

I am looking to password protect my entire www directory.  I am assuming that by protecting the root directory, all sub directories will in turn be password protected.  If I'm wrong on that, please let me know.  I have read a little bit about this, but I cannot make it work for me.  Here's what I've done:

I have created a .htpasswd file located in c:\wamp\pass  It looks like this:
propmain32:realm:a913a91c2c1fb7c19f23a96bab0d45aa

I created an .htaccess file located in the www root dir which looks like this:
AuthDigestFile c:/wamp/pass
AuthType Digest
AuthName "propmain23"
Require user test

I uncommented this line in my .conf file:
LoadModule auth_digest_module modules/mod_auth_digest.so

I am not getting any results after I restart my server.  My page still loads up without a password prompt. I'm sure it's something stupid that I'm doing; please let me know what I need to do.  Thanks for reading.
0
thedeal56
Asked:
thedeal56
  • 7
  • 3
1 Solution
 
Michael WorshamInfrastructure / Solutions ArchitectCommented:
0
 
thedeal56Author Commented:
I followed the steps in that example, and I am now seeing an internal server error.  Here's the message in the error log:
C:/wamp/www/.htaccess: Invalid command 'AuthDigestFile', perhaps misspelled or defined by a module not included in the server configuration

Thanks for helping me out.
0
 
thedeal56Author Commented:
Oh yeah....Here's the revised .htaccess:

AuthDigestFile /wamp/pass/.htpasswd
AuthType Digest
AuthName "propmain"
AuthDigestDomain  http://www3.murfreesborotn.gov/
AuthDigestNonceLifetime 300
require valid-user

I'm still confused on how to include the path to the password file.  Every example I see starts out like /somedir/someotherdir/ Which path is this relative to?  What comes before the first slash?  Should I read it like c:/somedir/someotherdir/  or is it assuming that it's in my www dir.  If so, should I read it like www/somedir/someotherdir?  
0
Free Backup Tool for VMware and Hyper-V

Restore full virtual machine or individual guest files from 19 common file systems directly from the backup file. Schedule VM backups with PowerShell scripts. Set desired time, lean back and let the script to notify you via email upon completion.  

 
thedeal56Author Commented:
I changed AuthDigestFile to AuthUserFile.  Now I can get the password screen, but it will not accept my username and pass.  I've got a feeling it has something to do with the path to the password file.
0
 
thedeal56Author Commented:
Alright, I got the previous problems figured out.  Now, my error log says this:

Digest: user propmain32: password mismatch: /

I was pretty sure that I made the password file correctly, but I'll give it another shot and see what I can come up with.  Here's the new pw file:

propmain32:TEST:TYXPw93quICfE
0
 
Michael WorshamInfrastructure / Solutions ArchitectCommented:
When you use 'AuthUserFile', the AuthType must be 'Basic' not Digest.

0
 
thedeal56Author Commented:
Ok, I got it worked out.  Thanks for your help
0
 
thedeal56Author Commented:
Oh, sorry.  I didn't see your last post.  I was looking to use Digest.  I read that it was a little more secure.  Is it a good idea to use Digest?
0
 
Michael WorshamInfrastructure / Solutions ArchitectCommented:
Yes, Digest uses MD5 for the password scheme.
0
 
thedeal56Author Commented:
Here's my current, working .htaccess file:

AuthUserFile /pass/.htpasswd
AuthType Digest
AuthName "TEST"
AuthDigestDomain  http://www3.murfreesborotn.gov/
AuthDigestNonceLifetime 300
require valid-user

I'm using AuthUserFile instead of AuthDigestFile, but my AuthType is still Digest.  It appears to be working, but am I actually protecting my page using Digest since I'm not user AuthDigestFile?
0

Featured Post

Free Backup Tool for VMware and Hyper-V

Restore full virtual machine or individual guest files from 19 common file systems directly from the backup file. Schedule VM backups with PowerShell scripts. Set desired time, lean back and let the script to notify you via email upon completion.  

  • 7
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now