Authentication, Authorization and Access Control

tommytomato · 02-04-2004, 07:16 AM

Authentication, Authorization and Access Control

I've never been able to get this going so my question is, is this the right way to do it for Fedora Core 1 system.

I cant seem to find the path it talks about,

http://httpd.apache.org/docs-2.0/howto/auth.html

on the subject ( Getting it working )

it goes on about htpasswd -c /usr/local/apache/passwd/passwords rbowen .

is this correct ?

AuthType Basic
AuthName "Restricted Files"
AuthUserFile /usr/local/apache/passwd/passwords
Require user rbowen

when i search for apache/passwd/passwords i cant find it

all i have is

[root@www root]# find / -name apache
/var/cache/alchemist/apache
/etc/webmin/apache
/usr/libexec/webmin/apache
/usr/libexec/webmin/caldera/apache
/usr/libexec/webmin/mscstyle3/apache
[root@www root]# find / -name htpasswd
/usr/bin/htpasswd

I am real lost on this one..

TT

tommytomato · 02-04-2004, 08:10 AM

Just an update i have followed that page to a T

and i dont get the password box pop up.

[root@www root]# htpasswd -c /var/www/pass/passwords my_user
New password:
Re-type new password:
Adding password for user my_user

here is what i put under my folder i wish to protect .htaccess
AuthType Basic
AuthName "Restricted Files"
AuthUserFile /var/www/pass/passwords
Require user my_user

Am i missing some thing here ?

TT

cyberskye · 02-04-2004, 04:22 PM

Quote:

here is what i put under my folder i wish to protect .htaccess

AuthType Basic
AuthName "Restricted Files"
AuthUserFile /var/www/pass/passwords
Require user my_user

That part looks ok to me.

Starting from the beginning...

1. are you sure that mod_auth is installed? Check httpd.conf

2. Have you allowed file overrides via a container directive for the folder you wish to protect? By default, apache has pretty restrictive settings here. You need to explicitly allow file overrides in httpd.conf

Skye

tommytomato · 02-04-2004, 07:01 PM

Ok i checked the httpd.conf file

is this what you where talking about

LoadModule auth_module modules/mod_auth.so

As to the 2nd one you were talking about i'm alittle lost

TT

cyberskye · 02-04-2004, 07:08 PM

OK that's a yes for #1

Read up on mod_auth. You have to use a container directive e.g

<DIRECTORY (your.protected.dir.name)>
AllowOverride AuthConfig
</DIRECTORY>

http://httpd.apache.org/docs-2.0/howto/auth.html - look under 'pre-requisites'

tommytomato · 02-04-2004, 07:11 PM

So this container directive

has to go into the httpd.conf as well ?

TT

tommytomato · 02-04-2004, 07:19 PM

Thank you,

I just added it to the bottom of the httpd.conf file

and it worked.

thank you, i'll write my self and short doc on it now

TT

cyberskye · 02-04-2004, 11:23 PM

cheers. In your httpd.conf there is a

<DIRECTORY />
AllowOverrides None
</DIRECTORY>

block which tells apache to ignore .htaccess files for the whole document root. specific rules beat generic ones, so by calling your specific directory out in it's own container, you override the override. You could do the same with a FILE container if you don't need to protect the whole folder..