LinuxQuestions.org
Support LQ: Use code LQ3 and save $3 on Domain Registration
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - General
User Name
Password
Linux - General This Linux forum is for general Linux questions and discussion.
If it is Linux Related and doesn't seem to fit in any other forum then this is the place.

Notices

Reply
 
Search this Thread
Old 01-23-2003, 02:12 AM   #1
plisken
Member
 
Registered: Dec 2001
Location: Scotland
Distribution: Slackware 9.1/13.37/14 RedHat 6.2/7/EL6.5 SuSE 8.2/11.1
Posts: 458

Rep: Reputation: 30
.htaccess .htpasswd


How can I create the usernames and passwords that are stored in a .htpasswd file?

Is there a way to "decode" the password that is stored alongside the username?

Thanks in advance...
 
Old 01-23-2003, 02:18 AM   #2
jkrohn
Member
 
Registered: Jan 2003
Location: Urbana, IL
Distribution: Slackware, Mandrake
Posts: 62

Rep: Reputation: 15
1) To create a .htaccess file:
First make a file called .htaccess in the directory you want to protect. In that file put
Code:
AuthUserFile [pathname]/.htpasswd
AuthGroupFile /dev/null
AuthName ByPassword
AuthType Basic

require user cormac
Replace [pathname] with where you decide yto put your .htpasswd file. You can put this anywhere you want. I would reccomend that you put it outside of the webserver root and subdirectories so that it cannot be accessed via the web. (ie put it in /home/stupid or somewhere else )

Also replace cormac with whatever user you want.

2) Next at a prompt type
htpasswd -c [pathname]/.htpasswd cormac
You will then be prompted for the password.

Once again replace pathname from above and cormac with a user

When you test it, if it doesn't ask you for authentication check that you are allowing htaccess to overide the permissions in httpd.conf.
 
Old 01-24-2003, 11:10 AM   #3
jkrohn
Member
 
Registered: Jan 2003
Location: Urbana, IL
Distribution: Slackware, Mandrake
Posts: 62

Rep: Reputation: 15
Quote:
Is there a way to "decode" the password that is stored alongside the username?
Yes, if you have acess to the .htpasswd file you can quite eaisly hash the password using a one of many password crackers. John the Ripper does the job quite well.

Jkrohn
 
Old 01-24-2003, 02:30 PM   #4
plisken
Member
 
Registered: Dec 2001
Location: Scotland
Distribution: Slackware 9.1/13.37/14 RedHat 6.2/7/EL6.5 SuSE 8.2/11.1
Posts: 458

Original Poster
Rep: Reputation: 30
I found that the following information was added to the .htaccess file, from a password protected area that i already have:

<Limit GET POST>
require valid-user
</Limit>

What does this mean?

Also what permissions would you recomend for both the .htaccess file and also the .htpasswd file?

Thanks
 
Old 02-17-2003, 03:02 PM   #5
Cynthia Blue
Member
 
Registered: Dec 2002
Location: SLC Utah USA
Distribution: SuSe 9.1
Posts: 102

Rep: Reputation: 15
I have my htpasswd file set up, and the .htaccess file in the directory. Also had to change httpd.conf to AllowOverride AuthConfig.

When I go to the directory, it does give me the login screen asking for username and password. However, it keeps giving me this error:
Code:
This server could not verify that 
you are authorized to access the document requested. 
Either you supplied the 
wrong credentials (e.g., bad password), or your browser doesn't understand 
how to supply the credentials required.
It's a 401 error. I just change the password on my server, then go to log in on my 2nd computer, and still get the error.

Any other settings I'm missing? I've been reading over the apache help and such, and haven't found anything yet to get it to work.

Thanks.
Cyn
 
Old 05-21-2006, 01:44 PM   #6
Vasili
LQ Newbie
 
Registered: Feb 2006
Location: At Home
Distribution: RHEL 4 AS
Posts: 23

Rep: Reputation: 15
Cool same problem

Quote:
Originally Posted by Cynthia Blue
I have my htpasswd file set up, and the .htaccess file in the directory. Also had to change httpd.conf to AllowOverride AuthConfig.

When I go to the directory, it does give me the login screen asking for username and password. However, it keeps giving me this error:
Code:
This server could not verify that 
you are authorized to access the document requested. 
Either you supplied the 
wrong credentials (e.g., bad password), or your browser doesn't understand 
how to supply the credentials required.
It's a 401 error. I just change the password on my server, then go to log in on my 2nd computer, and still get the error.

Any other settings I'm missing? I've been reading over the apache help and such, and haven't found anything yet to get it to work.

Thanks.
Cyn
hey cyn we got same problem! have you solved it yet?? i'd like to get over this too!!
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
htaccess/htpasswd not authenticating BrianK Linux - Software 3 12-10-2004 02:52 PM
.htaccess / .htpasswd inq Robin01 Linux - Newbie 1 12-20-2003 05:36 PM
About .htaccess & .htpasswd edhan Linux - Newbie 3 10-17-2003 12:16 AM
Help with .htpasswd and .htaccess MikeeX Linux - General 3 03-25-2003 10:41 AM
Cannot see .htaccess and .htpasswd files John_Saunders Linux - Newbie 2 07-21-2002 09:14 AM


All times are GMT -5. The time now is 03:50 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration