Solved

How to Implement Apache Digest Authentication

Posted on 2009-05-14
10
1,175 Views
Last Modified: 2012-05-07
I decided to repost this, because I had accidentally assigned it to the wrong zone(s).

I am looking to password protect my entire www directory.  I am assuming that by protecting the root directory, all sub directories will in turn be password protected.  If I'm wrong on that, please let me know.  I have read a little bit about this, but I cannot make it work for me.  Here's what I've done:

I have created a .htpasswd file located in c:\wamp\pass  It looks like this:
propmain32:realm:a913a91c2c1fb7c19f23a96bab0d45aa

I created an .htaccess file located in the www root dir which looks like this:
AuthDigestFile c:/wamp/pass
AuthType Digest
AuthName "propmain23"
Require user test

I uncommented this line in my .conf file:
LoadModule auth_digest_module modules/mod_auth_digest.so

I am not getting any results after I restart my server.  My page still loads up without a password prompt. I'm sure it's something stupid that I'm doing; please let me know what I need to do.  Thanks for reading.
0
Comment
Question by:thedeal56
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 7
  • 3
10 Comments
 
LVL 29

Accepted Solution

by:
Michael Worsham earned 500 total points
ID: 24397868
0
 

Author Comment

by:thedeal56
ID: 24398411
I followed the steps in that example, and I am now seeing an internal server error.  Here's the message in the error log:
C:/wamp/www/.htaccess: Invalid command 'AuthDigestFile', perhaps misspelled or defined by a module not included in the server configuration

Thanks for helping me out.
0
 

Author Comment

by:thedeal56
ID: 24398459
Oh yeah....Here's the revised .htaccess:

AuthDigestFile /wamp/pass/.htpasswd
AuthType Digest
AuthName "propmain"
AuthDigestDomain  http://www3.murfreesborotn.gov/
AuthDigestNonceLifetime 300
require valid-user

I'm still confused on how to include the path to the password file.  Every example I see starts out like /somedir/someotherdir/ Which path is this relative to?  What comes before the first slash?  Should I read it like c:/somedir/someotherdir/  or is it assuming that it's in my www dir.  If so, should I read it like www/somedir/someotherdir?  
0
MIM Survival Guide for Service Desk Managers

Major incidents can send mastered service desk processes into disorder. Systems and tools produce the data needed to resolve these incidents, but your challenge is getting that information to the right people fast. Check out the Survival Guide and begin bringing order to chaos.

 

Author Comment

by:thedeal56
ID: 24398514
I changed AuthDigestFile to AuthUserFile.  Now I can get the password screen, but it will not accept my username and pass.  I've got a feeling it has something to do with the path to the password file.
0
 

Author Comment

by:thedeal56
ID: 24398647
Alright, I got the previous problems figured out.  Now, my error log says this:

Digest: user propmain32: password mismatch: /

I was pretty sure that I made the password file correctly, but I'll give it another shot and see what I can come up with.  Here's the new pw file:

propmain32:TEST:TYXPw93quICfE
0
 
LVL 29

Expert Comment

by:Michael Worsham
ID: 24398684
When you use 'AuthUserFile', the AuthType must be 'Basic' not Digest.

0
 

Author Comment

by:thedeal56
ID: 24399451
Ok, I got it worked out.  Thanks for your help
0
 

Author Comment

by:thedeal56
ID: 24399459
Oh, sorry.  I didn't see your last post.  I was looking to use Digest.  I read that it was a little more secure.  Is it a good idea to use Digest?
0
 
LVL 29

Expert Comment

by:Michael Worsham
ID: 24399504
Yes, Digest uses MD5 for the password scheme.
0
 

Author Comment

by:thedeal56
ID: 24399552
Here's my current, working .htaccess file:

AuthUserFile /pass/.htpasswd
AuthType Digest
AuthName "TEST"
AuthDigestDomain  http://www3.murfreesborotn.gov/
AuthDigestNonceLifetime 300
require valid-user

I'm using AuthUserFile instead of AuthDigestFile, but my AuthType is still Digest.  It appears to be working, but am I actually protecting my page using Digest since I'm not user AuthDigestFile?
0

Featured Post

Flexible connectivity for any environment

The KE6900 series can extend and deploy computers with high definition displays across multiple stations in a variety of applications that suit any environment. Expand computer use to stations across multiple rooms with dynamic access.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
ports for sccm 2012 1 110
Bulk Changes to WP permalinks in .htaccess - blog post only 4 159
Apache / XAMPP  authorisation 10 79
Reverse Proxy problem 3 36
Over the last year I have answered a couple of basic URL rewriting questions several times so I thought I might as well have a stab at: explaining the basics, providing a few useful links and consolidating some of the most common queries into a sing…
If you are a web developer, you would be aware of the <iframe> tag in HTML. The <iframe> stands for inline frame and is used to embed another document within the current HTML document. The embedded document could be even another website.
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit https://www.mail-signatures.com/articles/signature-templates/?sts=6651 If you want to manage em…
How to Install VMware Tools in Red Hat Enterprise Linux 6.4 (RHEL 6.4) Step-by-Step Tutorial

710 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question