SitePoint Sponsor

User Tag List

Results 1 to 9 of 9
  1. #1
    ********* Ornithologist AtomicPenguin's Avatar
    Join Date
    May 2002
    Location
    Vancouver, BC
    Posts
    459
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Basic Authentication

    Heya.

    I've done authentication before, so I'm a little puzzled why I can't get it to work now. All I'm trying to do is get a very basic user-authentication on a particular directory.

    Here's my .htaccess file:

    AuthUserFile ./.htpasswd
    AuthName Site Demonstration
    AuthType Basic

    <Limit GET>
    require valid-user
    </Limit>


    (I tried giving the .htpasswd an absolute dir too, that didn't work).

    The htpasswd program worked fine for adding new users, and it nicely created a .htpasswd file with the user's password. But after all this, when I try to access the dir from my browser, I don't get the pop-up window asking for username & password. Why....?!! I'm stumped. Is there something funny going on on my server, maybe?

    Thanks!

  2. #2
    SitePoint Wizard Crowe's Avatar
    Join Date
    Nov 2001
    Location
    Huntsville
    Posts
    1,117
    Mentioned
    2 Post(s)
    Tagged
    0 Thread(s)
    Try this instead

    Code:
    AuthUserFile /full/path/to/.htpasswd 
    AuthName "Site Demonstration"
    AuthType Basic
    
    <Limit GET>
    require valid-user
    </Limit>
    Notice the quotes on AuthName - If you use more than one word you have to put it in quotes.

    Hope that helps.
    Chrispian H. Burks
    Nothing To Say

  3. #3
    ********* Ornithologist AtomicPenguin's Avatar
    Join Date
    May 2002
    Location
    Vancouver, BC
    Posts
    459
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Ah! Didn't know that one, but still no go. Should the relevant files / directories have certain permissions?

    right now: .htaccess: 755
    . 777

    ?

  4. #4
    SitePoint Wizard Crowe's Avatar
    Join Date
    Nov 2001
    Location
    Huntsville
    Posts
    1,117
    Mentioned
    2 Post(s)
    Tagged
    0 Thread(s)
    Try this instead as your .htaccess file.

    Code:
    order allow,deny
    allow from all
    require valid-user
    Authname "Site Demonstration"
    Authtype Basic
    AuthUserFile /path/to/.htpasswd
    And you don't have to change permissions. It should work by default.
    Chrispian H. Burks
    Nothing To Say

  5. #5
    ********* Ornithologist AtomicPenguin's Avatar
    Join Date
    May 2002
    Location
    Vancouver, BC
    Posts
    459
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    No luck, I'm afraid. Any other ideas?

  6. #6
    SitePoint Wizard Crowe's Avatar
    Join Date
    Nov 2001
    Location
    Huntsville
    Posts
    1,117
    Mentioned
    2 Post(s)
    Tagged
    0 Thread(s)
    Man, lately it seems everyone is having trouble with this. I smell a tutorial coming on

    Give me some details.

    1. Have you ever used .htaccess files on this server before?
    2. Are you certain it supports them? (Is this an apache based web server?)
    3. Is this a free host (They usually don't allow htaccess etc.)

    And...

    Did you create the file on a windows machine and upload it, if so, did you remember to make sure you were in ascii mode. Did you use a unix comptatable editor (Windows ads extra characters that sometimes mess with unix files).

    Did you put the htaccess file in the directory you want protected?

    Does anything happen? Do you get an internal server error when you try to load that directory? Which would happen if the file wasn't configured right.

    Do you get a prompt and just can't log in? Does nothing happen?

    Give me as much detail as you can and I'll see if we can't puzzle this thing out.
    Chrispian H. Burks
    Nothing To Say

  7. #7
    ********* Ornithologist AtomicPenguin's Avatar
    Join Date
    May 2002
    Location
    Vancouver, BC
    Posts
    459
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Thanks again for your help. Here's some more details:

    - No, I've never used .htaccess files before on this server. The guy who's running & maintaining it just installed a new server in response to the specs I need (PHP, GD extension, MySQL etc.) so it's brand new and untested. He's sort of a friend of a friend but by the looks of it, not a 'guru'.
    - It IS an apache server, I think he's running it on the new Mac OSX.
    - I wondered the same thing about there being a problem since I uploaded it from my Windows/unix text file, so I've created the file directly on the server using pico.
    - When I try to access the directory, it simply ignores the .htaccess file, and automatically boots up the index.html file. The page is full of errors, but they're only due to the non-existence of MySQL on the server as is.
    - I did placed the .htaccess file in the directory I'm trying to protect.
    - I've tried placing the .htpasswd file all over the server, to rule out possibilities that maybe the path I was using was glitchy.

    Ermm... that's about it. Hope this helps, though I suspect this may just make you more puzzled!

  8. #8
    SitePoint Wizard Crowe's Avatar
    Join Date
    Nov 2001
    Location
    Huntsville
    Posts
    1,117
    Mentioned
    2 Post(s)
    Tagged
    0 Thread(s)
    Excellent checking on your part. Even if the .htaccess file can't find the .htpassword file, it'll just not let you in (nothing to authenticate against).. So your summary suggests that it's just not reading the .htaccess file.

    IIRC, (and I'm pretty sure I do) the allow users to use .htaccess comes off by default. You or he will need to enable it in the httpd.conf file. (Not sure where it is on OS X, but it's usually something like /usr/local/apache/conf or something like that.

    That will most likely get you fixed up. Whoever makes that change, make sure you notice there is a second directive that needs to be set that tells what the users are allowed to "override" with htaccess.
    Chrispian H. Burks
    Nothing To Say

  9. #9
    SitePoint Member
    Join Date
    Oct 2002
    Posts
    5
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Check the httpd.conf file(This is /etc/apache/httpd.conf on Debian, /etc/httpd/conf/httpd.conf(i think) on RedHat, use these examples to help locate the httpd.conf on OSX. Alternatively you can use the locate tool(if it is installed).

    Failing that you almost always have 'find'
    Code:
    find / |grep httpd.conf
    Once you have the httpd.conf file, look in it for AccessFileName

    (This may be in another file in the same directory as the the httpd.conf file -- check to make sure)

    you should see
    Code:
    AccessFileName .htaccess
    If it says AccessFileName something_else, have the admin change it for you(he is your friend isn't he)

    Next you have to find an AllowOverride to match the directory you are in. If he trusts you get him to set it to All(meaning that you can override anything in the .htaccess file), otherwise have him set it to AuthConfig(meaning that you can use .htaccess for, and only for authentication purposes.

    Finally I hope the above is of some help. I am not an expert in Apache. And I do not warrent the accuracy of the above. You should probably have someone check it over.(and I would apreciate some constructive criticism in the event of inacuracy of the above)


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •