LinuxQuestions.org
Did you know LQ has a Linux Hardware Compatibility List?
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
Search this Thread
Old 02-03-2003, 09:32 PM   #1
tomlow
LQ Newbie
 
Registered: Jan 2002
Location: New York
Distribution: Mandrake/Elx/Slack
Posts: 7

Rep: Reputation: 0
Protecting a directory with mod_auth_db


Hi. I have gotten this to work before but I just upgraded my distro (pointclark) and am stuck.

The instruction on how to do this are pretty straight forward and easy, but everytime I go to the web page I am trying to protect the password never works. I get the same web page.....

Authorization Required
This server could not verify that you are authorized to access the document requested. Either you supplied the wrong credentials (e.g., bad password), or your browser doesn't understand how to supply the credentials required.

I put the configuration in to the directory section of http.conf

<Directory /var/www/html/admin>
AuthName "Go away"
AuthType Basic
AuthDBUserFile /usr/local/apache/passwd/passwords.dat
require user admin
SSLRequireSSL
</Directory>

The password is created and updated with out a hitch usung dbmmanage. Is there anything I could be overlooking here? I have restarted the web server after all changes to conf file and password updates. I even tried several locations for my passwords.dat file.

Any clues?
TIA
Tom

Last edited by tomlow; 02-03-2003 at 09:34 PM.
 
Old 02-04-2003, 06:11 PM   #2
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,003
Blog Entries: 54

Rep: Reputation: 2756Reputation: 2756Reputation: 2756Reputation: 2756Reputation: 2756Reputation: 2756Reputation: 2756Reputation: 2756Reputation: 2756Reputation: 2756Reputation: 2756
Maybe a stupid question, but did you load mod_auth_db?
And what does apache_error.log say?
 
Old 02-04-2003, 10:30 PM   #3
tomlow
LQ Newbie
 
Registered: Jan 2002
Location: New York
Distribution: Mandrake/Elx/Slack
Posts: 7

Original Poster
Rep: Reputation: 0
Hi unSpawn

This is the error log

[Tue Feb 4 23:08:41 2003] [error] [client 192.168.1.102] could not open db auth file: /var/www/passwords.dat
[Tue Feb 4 23:08:41 2003] [error] [client 192.168.1.102] DB user admin not found: /var/www/html/admin


I have these 2 lines in my http.conf

LoadModule db_auth_module modules/mod_auth_db.so
LoadModule dbm_auth_module modules/mod_auth_dbm.so

This is where it gets loaded I take it.

And if I do

dbmmanage /var/www/passwords.dat view

I get

admin: xjklfgsfjlgs

Anything else I can look for?

Thanks
 
Old 02-06-2003, 05:56 AM   #4
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,003
Blog Entries: 54

Rep: Reputation: 2756Reputation: 2756Reputation: 2756Reputation: 2756Reputation: 2756Reputation: 2756Reputation: 2756Reputation: 2756Reputation: 2756Reputation: 2756Reputation: 2756
You specified AuthDBUserFile /usr/local/apache/passwd/passwords.dat for dir /var/www/html/admin, and the error says db auth file: /var/www/passwords.dat, so I think it expects to see the db in another place. As a result it can't find the user too.
 
Old 02-06-2003, 09:38 AM   #5
tomlow
LQ Newbie
 
Registered: Jan 2002
Location: New York
Distribution: Mandrake/Elx/Slack
Posts: 7

Original Poster
Rep: Reputation: 0
oops...I started changing locations and was trying different things and gave you the wrong lines in the error log.

[Wed Feb 5 21:04:46 2003] [error] [client 192.168.1.102] could not open db auth file: /usr/local/apache/passwd/passwords.dat
[Wed Feb 5 21:04:46 2003] [error] [client 192.168.1.102] DB user admin not found: /var/www/html/admin


is what I should have posted.

I went with just basic auth and it works fine but im still wondering why it wont work using db.

Thanks
 
Old 02-11-2003, 05:16 AM   #6
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,003
Blog Entries: 54

Rep: Reputation: 2756Reputation: 2756Reputation: 2756Reputation: 2756Reputation: 2756Reputation: 2756Reputation: 2756Reputation: 2756Reputation: 2756Reputation: 2756Reputation: 2756
Is the passwords.dat permissions set to at least 0644?
 
Old 02-11-2003, 12:30 PM   #7
markus1982
Senior Member
 
Registered: Aug 2002
Location: Stuttgart (Germany)
Distribution: Debian/GNU Linux
Posts: 1,467

Rep: Reputation: 46
unSpawn, it doesn't need 0644 it just needs to be READABLE by the webserver and nobody else ... be sure to protect the file also ...
 
Old 02-11-2003, 02:00 PM   #8
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,003
Blog Entries: 54

Rep: Reputation: 2756Reputation: 2756Reputation: 2756Reputation: 2756Reputation: 2756Reputation: 2756Reputation: 2756Reputation: 2756Reputation: 2756Reputation: 2756Reputation: 2756
Woops. Bad mistake. Apologies.
 
Old 02-12-2003, 12:12 AM   #9
tomlow
LQ Newbie
 
Registered: Jan 2002
Location: New York
Distribution: Mandrake/Elx/Slack
Posts: 7

Original Poster
Rep: Reputation: 0
Well it was set to 0644 but it wasn't set for apache to read. I just changed it to owner root and group apache(user name of web server) . Restarted the web server. And still no go. Every thing is still set up as before in my first post and the error msg are the same.

Thanks again.
 
Old 02-12-2003, 04:07 PM   #10
cyberskye
Member
 
Registered: Feb 2003
Location: The City by the Bay
Posts: 116

Rep: Reputation: 15
Quote:
<Directory /var/www/html/admin>
AuthName "Go away"
AuthType Basic
AuthDBUserFile /usr/local/apache/passwd/passwords.dat
require user admin
SSLRequireSSL
</Directory>
Shouldn't it read AuthDBMType and AuthDBMUserFile, etc?
BerkleyDB and DBM use different structures within their dbase files. There have been some issues with Redhat 7.x and authdbm.

I have even heard some suggest not enabling both mod_auth_db and mod_auth_dbm, or at least setting one to non-authorative via AuthDBMAuthoritative Off

Seems that two different modules may be fighting to authenticate you, but only one has the db...

I assume that the group apache exists.

Hope that helps - will be following this post closely now to see how it works out!

Skye
 
Old 02-12-2003, 11:32 PM   #11
tomlow
LQ Newbie
 
Registered: Jan 2002
Location: New York
Distribution: Mandrake/Elx/Slack
Posts: 7

Original Poster
Rep: Reputation: 0
Welcome aboard

Well I just tried AuthDBMType and AuthDBMUserFile and when I restarted it failed complaining about AuthDBMType and didnt took it out and left AuthDBMUserFile. It didnt complain but it didnt work out either. But now after I changed it all back, I went to restart and now I get something that looks like a lot more fun


--------------------------------------------------------------------------------

Failed to start apache :
Starting httpd: Ouch! ap_mm_create(1048576, "/var/run/httpd.mm.4690") failed
Error: MM: mm:core: failed to acquire semaphore (No space left on device): OS: Identifier removed
[FAILED]


The error log just says
semget : no space left on device

Any ideas on that?

I was getting ready to take out auth_dbm before this happened.

Thanks for your help

Last edited by tomlow; 02-12-2003 at 11:57 PM.
 
Old 02-12-2003, 11:35 PM   #12
tomlow
LQ Newbie
 
Registered: Jan 2002
Location: New York
Distribution: Mandrake/Elx/Slack
Posts: 7

Original Poster
Rep: Reputation: 0
Well I got past that nasty error and took out auth_dbm and still no go.

Last edited by tomlow; 02-12-2003 at 11:56 PM.
 
Old 02-13-2003, 12:46 AM   #13
cyberskye
Member
 
Registered: Feb 2003
Location: The City by the Bay
Posts: 116

Rep: Reputation: 15
Glad I could help...
Again, I shall be humbly following the developments in this post

Edit: Thanks for the welcome. I've been looking through the boards and searching some. I like!

Last edited by cyberskye; 02-13-2003 at 12:50 AM.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Protecting a Laptop? flamesrock Linux - Hardware 4 09-11-2005 10:08 PM
Protecting myself...lol yanik Fedora 14 12-17-2004 03:29 PM
Protecting a directory with chmod, owner, groups, others clarence1720 Linux - Newbie 12 11-06-2004 01:33 AM
Password protecting a directory? How? Thrifty Linux - Security 7 07-20-2004 08:25 PM
is slackware protecting me? shanenin Slackware 1 10-19-2003 09:28 AM


All times are GMT -5. The time now is 08:11 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration