Solved

How to Implement Apache Digest Authentication

Posted on 2009-05-14
Last Modified: 2012-05-07
I decided to repost this, because I had accidentally assigned it to the wrong zone(s).

I am looking to password protect my entire www directory.  I am assuming that by protecting the root directory, all sub directories will in turn be password protected.  If I'm wrong on that, please let me know.  I have read a little bit about this, but I cannot make it work for me.  Here's what I've done:

I have created a .htpasswd file located in c:\wamp\pass  It looks like this:
propmain32:realm:a913a91c2c1fb7c19f23a96bab0d45aa

I created an .htaccess file located in the www root dir which looks like this:
AuthDigestFile c:/wamp/pass
AuthType Digest
AuthName "propmain23"
Require user test

I uncommented this line in my .conf file:
LoadModule auth_digest_module modules/mod_auth_digest.so

I am not getting any results after I restart my server.  My page still loads up without a password prompt. I'm sure it's something stupid that I'm doing; please let me know what I need to do.  Thanks for reading.
Question by:thedeal56
LVL 29

Accepted Solution

by:
Michael Worsham earned 500 total points
ID: 24397868
 

Author Comment

by:thedeal56
ID: 24398411
I followed the steps in that example, and I am now seeing an internal server error.  Here's the message in the error log:
C:/wamp/www/.htaccess: Invalid command 'AuthDigestFile', perhaps misspelled or defined by a module not included in the server configuration

Thanks for helping me out.
 

Author Comment

by:thedeal56
ID: 24398459
Oh yeah....Here's the revised .htaccess:

AuthDigestFile /wamp/pass/.htpasswd
AuthType Digest
AuthName "propmain"
AuthDigestDomain  http://www3.murfreesborotn.gov/
AuthDigestNonceLifetime 300
require valid-user

I'm still confused on how to include the path to the password file.  Every example I see starts out like /somedir/someotherdir/ Which path is this relative to?  What comes before the first slash?  Should I read it like c:/somedir/someotherdir/  or is it assuming that it's in my www dir.  If so, should I read it like www/somedir/someotherdir?  
 

Author Comment

by:thedeal56
ID: 24398514
I changed AuthDigestFile to AuthUserFile.  Now I can get the password screen, but it will not accept my username and pass.  I've got a feeling it has something to do with the path to the password file.
 

Author Comment

by:thedeal56
ID: 24398647
Alright, I got the previous problems figured out.  Now, my error log says this:

Digest: user propmain32: password mismatch: /

I was pretty sure that I made the password file correctly, but I'll give it another shot and see what I can come up with.  Here's the new pw file:

propmain32:TEST:TYXPw93quICfE
 
LVL 29

Expert Comment

by:Michael Worsham
ID: 24398684
When you use 'AuthUserFile', the AuthType must be 'Basic' not Digest.

 

Author Comment

by:thedeal56
ID: 24399451
Ok, I got it worked out.  Thanks for your help
 

Author Comment

by:thedeal56
ID: 24399459
Oh, sorry.  I didn't see your last post.  I was looking to use Digest.  I read that it was a little more secure.  Is it a good idea to use Digest?
 
LVL 29

Expert Comment

by:Michael Worsham
ID: 24399504
Yes, Digest uses MD5 for the password scheme.
 

Author Comment

by:thedeal56
ID: 24399552
Here's my current, working .htaccess file:

AuthUserFile /pass/.htpasswd
AuthType Digest
AuthName "TEST"
AuthDigestDomain  http://www3.murfreesborotn.gov/
AuthDigestNonceLifetime 300
require valid-user

I'm using AuthUserFile instead of AuthDigestFile, but my AuthType is still Digest.  It appears to be working, but am I actually protecting my page using Digest since I'm not using AuthDigestFile?