idiot question about http auth - Ubuntu

This is a discussion on idiot question about http auth - Ubuntu ; Suppose I have a folder called "contentingester". Suppose inside of that folder I put an .htaccess file and inside of that I put this: AuthUserFile /root/bluepie_content_ingester/.htpasswd AuthName "Content Ingester" AuthGroupFile /dev/null AuthType Basic require valid-user Suppose I cd to /root/bluepie_content_ingester/ ...

+ Reply to Thread
Results 1 to 6 of 6

Thread: idiot question about http auth

  1. idiot question about http auth


    Suppose I have a folder called "contentingester".

    Suppose inside of that folder I put an .htaccess file and inside of that
    I put this:


    AuthUserFile /root/bluepie_content_ingester/.htpasswd
    AuthName "Content Ingester"
    AuthGroupFile /dev/null
    AuthType Basic
    require valid-user


    Suppose I cd to /root/bluepie_content_ingester/ and run this command:

    htpasswd -c .htpasswd zippy


    Then I type the password twice.

    Now I point my browser to the "contentingester" folder on my site.

    I can't get in, no matter how many times I type that password.

    What am I doing wrong?

  2. Re: idiot question about http auth

    Lawrence Krubner wrote:
    >
    > Suppose I have a folder called "contentingester".
    >
    > Suppose inside of that folder I put an .htaccess file and inside of that
    > I put this:
    >
    >
    > AuthUserFile /root/bluepie_content_ingester/.htpasswd

    ....

    (snip)

    > Now I point my browser to the "contentingester" folder on my site.
    >
    > I can't get in, no matter how many times I type that password.
    >
    > What am I doing wrong?


    Maybe you're not running the apache demon? (I hope it wasn't a trick
    question :-) )

    Permissions on .htaccess wrong?

    Maybe .htaccess files are prohibited by the apache config file?
    Which, incidentally, seems to be the preferred place apparently for
    doing this sort of thing.


  3. Re: idiot question about http auth

    Mike Scott wrote:
    > Lawrence Krubner wrote:
    >>
    >> Suppose I have a folder called "contentingester".
    >>
    >> Suppose inside of that folder I put an .htaccess file and inside of
    >> that I put this:
    >>
    >>
    >> AuthUserFile /root/bluepie_content_ingester/.htpasswd

    > ...
    >
    > (snip)
    >
    >> Now I point my browser to the "contentingester" folder on my site.
    >>
    >> I can't get in, no matter how many times I type that password.
    >>
    >> What am I doing wrong?

    >
    > Maybe you're not running the apache demon? (I hope it wasn't a trick
    > question :-) )
    >
    > Permissions on .htaccess wrong?



    That's interesting. What are the correct permissions for .htaccess?



    > Maybe .htaccess files are prohibited by the apache config file?
    > Which, incidentally, seems to be the preferred place apparently for
    > doing this sort of thing.
    >


  4. Re: idiot question about http auth

    Lawrence Krubner wrote:
    ....
    >> Permissions on .htaccess wrong?

    >
    >
    > That's interesting. What are the correct permissions for .htaccess?


    Don't know offhand how picky the demon is - but it obviously needs to be
    readable by whatever user httpd is running as. Same goes for the httpd
    password file. (I managed to get both owned by root with 0600
    permissions at one point. didn't work too well :-) )

    My own password file is 0644 (& I know that's too open); I've merged all
    the .htaccess files into the config file (for the reason noted below) so
    can't check, sorry.
    >
    >
    >
    >> Maybe .htaccess files are prohibited by the apache config file?
    >> Which, incidentally, seems to be the preferred place apparently for
    >> doing this sort of thing.
    >>


  5. Re: idiot question about http auth

    Lawrence Krubner wrote:
    > Mike Scott wrote:
    >> Lawrence Krubner wrote:
    >>>
    >>> Suppose I have a folder called "contentingester".
    >>>
    >>> Suppose inside of that folder I put an .htaccess file and inside of
    >>> that I put this:
    >>>
    >>>
    >>> AuthUserFile /root/bluepie_content_ingester/.htpasswd

    >> ...
    >>
    >> (snip)
    >>
    >>> Now I point my browser to the "contentingester" folder on my site.
    >>>
    >>> I can't get in, no matter how many times I type that password.
    >>>
    >>> What am I doing wrong?

    >>
    >> Maybe you're not running the apache demon? (I hope it wasn't a trick
    >> question :-) )
    >>
    >> Permissions on .htaccess wrong?

    >
    >
    > That's interesting. What are the correct permissions for .htaccess?



    Does anyone know what module is responsible for auth? I wanted to make
    sure it was loaded.



    # Dynamic Shared Object (DSO) Support
    #
    # To be able to use the functionality of a module which was built as a
    DSO you
    # have to place corresponding `LoadModule' lines at this location so the
    # directives contained in it are actually available _before_ they are used.
    # Statically compiled modules (those listed by `httpd -l') do not need
    # to be loaded here.
    #
    # Example:
    # LoadModule foo_module modules/mod_foo.so
    #
    LoadModule access_module modules/mod_access.so
    LoadModule auth_module modules/mod_auth.so
    LoadModule auth_anon_module modules/mod_auth_anon.so
    LoadModule auth_dbm_module modules/mod_auth_dbm.so
    LoadModule auth_digest_module modules/mod_auth_digest.so
    LoadModule ldap_module modules/mod_ldap.so
    LoadModule auth_ldap_module modules/mod_auth_ldap.so
    LoadModule include_module modules/mod_include.so
    LoadModule log_config_module modules/mod_log_config.so
    LoadModule logio_module modules/mod_logio.so
    LoadModule env_module modules/mod_env.so
    LoadModule mime_magic_module modules/mod_mime_magic.so
    LoadModule cern_meta_module modules/mod_cern_meta.so
    LoadModule expires_module modules/mod_expires.so
    LoadModule deflate_module modules/mod_deflate.so
    LoadModule headers_module modules/mod_headers.so
    LoadModule usertrack_module modules/mod_usertrack.so
    LoadModule setenvif_module modules/mod_setenvif.so
    LoadModule mime_module modules/mod_mime.so
    LoadModule dav_module modules/mod_dav.so
    LoadModule status_module modules/mod_status.so
    LoadModule autoindex_module modules/mod_autoindex.so
    LoadModule asis_module modules/mod_asis.so
    LoadModule info_module modules/mod_info.so
    LoadModule dav_fs_module modules/mod_dav_fs.so
    LoadModule vhost_alias_module modules/mod_vhost_alias.so
    LoadModule negotiation_module modules/mod_negotiation.so
    LoadModule dir_module modules/mod_dir.so
    LoadModule actions_module modules/mod_actions.so
    LoadModule speling_module modules/mod_speling.so
    LoadModule userdir_module modules/mod_userdir.so
    LoadModule alias_module modules/mod_alias.so
    LoadModule rewrite_module modules/mod_rewrite.so
    LoadModule proxy_module modules/mod_proxy.so
    LoadModule proxy_ftp_module modules/mod_proxy_ftp.so
    LoadModule proxy_http_module modules/mod_proxy_http.so
    LoadModule proxy_connect_module modules/mod_proxy_connect.so
    LoadModule cache_module modules/mod_cache.so
    LoadModule suexec_module modules/mod_suexec.so
    LoadModule disk_cache_module modules/mod_disk_cache.so
    LoadModule file_cache_module modules/mod_file_cache.so
    LoadModule mem_cache_module modules/mod_mem_cache.so
    LoadModule cgi_module modules/mod_cgi.so




  6. Re: idiot question about http auth

    Lawrence Krubner wrote:
    > Lawrence Krubner wrote:
    >> Mike Scott wrote:
    >>> Lawrence Krubner wrote:
    >>>>
    >>>> Suppose I have a folder called "contentingester".
    >>>>
    >>>> Suppose inside of that folder I put an .htaccess file and inside of
    >>>> that I put this:
    >>>>
    >>>>
    >>>> AuthUserFile /root/bluepie_content_ingester/.htpasswd
    >>> ...
    >>>
    >>> (snip)
    >>>
    >>>> Now I point my browser to the "contentingester" folder on my site.
    >>>>
    >>>> I can't get in, no matter how many times I type that password.
    >>>>
    >>>> What am I doing wrong?
    >>>
    >>> Maybe you're not running the apache demon? (I hope it wasn't a trick
    >>> question :-) )
    >>>
    >>> Permissions on .htaccess wrong?

    >>
    >>
    >> That's interesting. What are the correct permissions for .htaccess?

    >
    >
    > Does anyone know what module is responsible for auth? I wanted to make
    > sure it was loaded.
    >


    grep -i auth ~www/httpd.conf gives:

    LoadModule auth_basic_module /usr/local/libexec/apache22/mod_auth_basic.so
    LoadModule authn_file_module /usr/local/libexec/apache22/mod_authn_file.so
    LoadModule authz_user_module /usr/local/libexec/apache22/mod_authz_user.so

    No idea what they do :-) But auth_basic_module sounds as if it might be
    a, well, basic requirement - I didn't spot it in your list, so just
    maybe that's the problem.

    apache 2.2.6 btw.

+ Reply to Thread