[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-users] .htacces not working
- Subject: Re: [cobalt-users] .htacces not working
- From: flash22@xxxxxxx
- Date: Sat Feb 2 00:51:06 2002
- List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>
On Fri, 1 Feb 2002, Cobalt wrote:
> hello
> Okay I RTFM or at least the KB stuff at cobalt.sun
>
> I did as they show for protecting a page. ref # 010608-002536
>
> The user wants to protect a directory called admin for a php program.
>
> So I telneted in as admin then su over to root. (i don't allow telneting
You don'tneed to be root to create a .htaccess file, only the site admin,
if you do create it as root, make sure the server can read it...
> #access file
> order allow,deny
> allow from all
Where did you get this? hmm
> require valid-user
> AuthName "ElizabethAshleyDolls"
> AuthType Basic
> AuthUserFile /home/sites/www.elizabethashleydolls.com/web/admin/.htpasswd
You shouldn't use a symlink path to a password file ;P also, it's usually
not good to put a password file in web readable file space
Here' sa known working example
AuthPAM_Enabled off
AuthUserFile /home/sites/site43/.htpasswd
AuthGroupFile /dev/null
AuthName "Private Members Area"
AuthType Basic
<Limit GET PUT POST>
require valid-user
</Limit>
See if that works for you :)
>
> I tried removing the first two lines. I also tried with PAM_Enabled off as
> in another KB ARticle.
>
> i did a
> htpasswd -c .htpasswd username ( i also did it with the long
> /home/sites/www.elizabethashleydolls.com/web/admin/.htpasswd username)
> put in the password
> retyped in the password
The passwd file has text in it, you can look and see if there's anyting in
it...
cd (directory your .htpasswd file is in)
htpasswd -bc .htpasswd username password
NOTE: use -c only the FIRST time, it creates/recreates the file, it will
erase the file and start over ;)
Do NOT use the users server password here, htpasswd by default uses fairly
weak encryption ;)
>
> but regardless it won't except it. just keeps asking for the
> username/password.
> the logs show no errors (/var/log/httpd/combined-access or errors or
> adm_errors)
>
> What have I done wrong or missed ?
It's doing that because you in fact have a deny-all config, even when
valid-user is true, the config is false and the server rejects
authentication ;)
try the one above ;P
It's not logging any errors because authentication failure in this case
isn't an error when you make it a necessary condition, ie, failing was
successfull ;P
gsh