LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Server
User Name
Password
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Notices

Reply
 
Search this Thread
Old 01-03-2011, 04:31 PM   #1
frieza
Senior Member
 
Registered: Feb 2002
Location: harvard, il
Distribution: Ubuntu 11.4,DD-WRT micro plus ssh,lfs-6.6,Fedora 15,Fedora 16
Posts: 3,111

Rep: Reputation: 371Reputation: 371Reputation: 371Reputation: 371
http auth woes


i've been trying to configure authentication for a particular tool on a website i've been building

i've tried php http authorization and .htaccess/.htpasswd files, neither seem to work

Code:
<?php
if (!isset($_SERVER['PHP_AUTH_TYPE'])) {
    header('WWW-Authenticate: Basic realm="My Realma"');
    header('HTTP/1.0 401 Unauthorized');
    echo 'Text to send if user hits Cancel button';
    exit;
} else {
    echo "<p>Hello {$_SERVER['PHP_AUTH_USER']}.</p>";
    echo "<p>You entered {$_SERVER['PHP_AUTH_PW']} as your password.</p>";
}
print_r($_SERVER);
?>
should just echo out the user/password i entered

[code]
then i created a .htaccess file for the directory

AuthUserFile /home/user874-****/.htpasswd
AuthUserFile /dev/null
AuthName "Protected Area"
AuthType Basic

require valid-user
[code]

.htpasswd
Code:
worker:gSs4***JFQH5Q
both tests cause the browser to prompt for a username/password but both will just keep tossing the dialog in your face every time you type in a user/password, the first shouldnt require any valid information just echo what was typed in, it is as if the server isn't recieving the information

vhost file
Code:
VirtualHost *:80>
DocumentRoot "/home/user874-****/www/devel"
ServerName editortool.gotdns.org
<Directory "/home/user874-****/www/devel">
AllowOverride All
allow from all
Options +Indexes
</Directory>
</VirtualHost>
phpinfo
http://img255.imageshack.us/img255/3420/phpinfo.jpg

if you require anything else please let me know
 
Old 01-03-2011, 05:51 PM   #2
bathory
Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 10,955

Rep: Reputation: 1341Reputation: 1341Reputation: 1341Reputation: 1341Reputation: 1341Reputation: 1341Reputation: 1341Reputation: 1341Reputation: 1341Reputation: 1341
I cannot tell about the php code, but in .htaccess you should remove "AuthUserFile /dev/null". You have already defined AuthUserfile in the line above this one and besides, this directive cancels the usage of the .htpasswd.
Also when you use "/home/user874-****", I guess you don't have asterisks in the directory name. Make sure also that the apache user can read /home/user874-****/.htpasswd

Regards
 
Old 01-03-2011, 06:00 PM   #3
frieza
Senior Member
 
Registered: Feb 2002
Location: harvard, il
Distribution: Ubuntu 11.4,DD-WRT micro plus ssh,lfs-6.6,Fedora 15,Fedora 16
Posts: 3,111

Original Poster
Rep: Reputation: 371Reputation: 371Reputation: 371Reputation: 371
Quote:
Originally Posted by bathory View Post
I cannot tell about the php code, but in .htaccess you should remove "AuthUserFile /dev/null". You have already defined AuthUserfile in the line above this one and besides, this directive cancels the usage of the .htpasswd.
Regards
noticed that already, removed that line and it still does not work

tried chown www-data:www-data .htpasswd as well, still nothing

Code:
-rw-r--r-- 1 www-data www-data 21 2011-01-03 14:52 .htpasswd
 
Old 01-03-2011, 06:14 PM   #4
bathory
Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 10,955

Rep: Reputation: 1341Reputation: 1341Reputation: 1341Reputation: 1341Reputation: 1341Reputation: 1341Reputation: 1341Reputation: 1341Reputation: 1341Reputation: 1341
Did you close your browser and reopen it, so it starts a new session?
Also check if there is something logged in apache error_log.
 
Old 01-03-2011, 06:39 PM   #5
frieza
Senior Member
 
Registered: Feb 2002
Location: harvard, il
Distribution: Ubuntu 11.4,DD-WRT micro plus ssh,lfs-6.6,Fedora 15,Fedora 16
Posts: 3,111

Original Poster
Rep: Reputation: 371Reputation: 371Reputation: 371Reputation: 371
not consistantly but i occasionally got
Code:
[Mon Jan 03 14:54:05 2011] [error] [client 192.168.0.19] access to /vehicle_fixer/ failed, reason: verification of user id '<null>' not configured
 
Old 01-04-2011, 01:36 AM   #6
bathory
Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 10,955

Rep: Reputation: 1341Reputation: 1341Reputation: 1341Reputation: 1341Reputation: 1341Reputation: 1341Reputation: 1341Reputation: 1341Reputation: 1341Reputation: 1341
Hi,

This error comes from the php authorization page.
What happens when trying to authenticate with the .htaccess way? Did you try to start a new browser session and see what you get?
 
Old 01-04-2011, 11:04 AM   #7
frieza
Senior Member
 
Registered: Feb 2002
Location: harvard, il
Distribution: Ubuntu 11.4,DD-WRT micro plus ssh,lfs-6.6,Fedora 15,Fedora 16
Posts: 3,111

Original Poster
Rep: Reputation: 371Reputation: 371Reputation: 371Reputation: 371
yes and it does nothing but reject everything even the supposedly correct user/password but puts nothing in the error log, even while watching the log with tail -f error.log
 
Old 01-04-2011, 03:45 PM   #8
EdHeron
LQ Newbie
 
Registered: Oct 2009
Location: Albuquerque, NM USA
Distribution: Gentoo, CentOS
Posts: 8

Rep: Reputation: 0
If you are using SELinux, you might need to tell SELinux that it is OK for Apache to access that file with:

chcon --type=http_sys_content_t /home/user874-****/.htpasswd
 
Old 01-04-2011, 03:53 PM   #9
EdHeron
LQ Newbie
 
Registered: Oct 2009
Location: Albuquerque, NM USA
Distribution: Gentoo, CentOS
Posts: 8

Rep: Reputation: 0
In the PHP manual http://www.php.net/manual/en/reserve...les.server.php, it says the variable is $_SERVER['AUTH_TYPE'] not $_SERVER['PHP_AUTH_TYPE'].
 
Old 01-04-2011, 04:01 PM   #10
frieza
Senior Member
 
Registered: Feb 2002
Location: harvard, il
Distribution: Ubuntu 11.4,DD-WRT micro plus ssh,lfs-6.6,Fedora 15,Fedora 16
Posts: 3,111

Original Poster
Rep: Reputation: 371Reputation: 371Reputation: 371Reputation: 371
stll nothing
 
Old 01-04-2011, 04:32 PM   #11
EdHeron
LQ Newbie
 
Registered: Oct 2009
Location: Albuquerque, NM USA
Distribution: Gentoo, CentOS
Posts: 8

Rep: Reputation: 0
Looking at http://php.net/manual/en/features.http-auth.php, it seems to give conflicting information. It appears to say that PHP_AUTH_USER might not be set in all cases, but that REMOTE_USER might...

Also, the example in the manual doesn't use AUTH_TYPE. I could guess that it isn't reliable.

Rhetorical question: Why use HTTP authentication? Why not, if they aren't logged in, display a login page instead of the requested page. Or, save the requested URL and redirect them to a login page? Then, once they are logged in, give them the page they originally requested.
 
Old 01-04-2011, 05:13 PM   #12
frieza
Senior Member
 
Registered: Feb 2002
Location: harvard, il
Distribution: Ubuntu 11.4,DD-WRT micro plus ssh,lfs-6.6,Fedora 15,Fedora 16
Posts: 3,111

Original Poster
Rep: Reputation: 371Reputation: 371Reputation: 371Reputation: 371
it's a php script i wrote and i'm not that good at writing user login programs for php, that and i want to be able to put other non php content in that folder as well such as .inc files which are not parsed by php but have the password to the database

interestingly enough, this works
Code:
Order Deny,Allow
Deny from all
Allow from 192.168.0.xx
(192.168.0.xx is the external interface of our internal firewall, the IP addr that all traffic from our internal network appears to come from, thus allowing only the internal lan to access the site for the moment)

but a .htpasswd file does not

Last edited by frieza; 01-04-2011 at 05:17 PM.
 
Old 01-04-2011, 06:17 PM   #13
EdHeron
LQ Newbie
 
Registered: Oct 2009
Location: Albuquerque, NM USA
Distribution: Gentoo, CentOS
Posts: 8

Rep: Reputation: 0
So, you really want to use basic http authentication and get the username passed to your scripts?

Do you have AllowOverride AuthConfig in your apache config file? Without that, it will completely ignore the Auth options in your .htaccess file. If you have access to the server config file, you could just put the Auth options there.

--
Ha. too many things going on. I forgot that you posted the relevant section... and you do...

Last edited by EdHeron; 01-04-2011 at 06:18 PM. Reason: mental hiccough
 
Old 01-04-2011, 06:39 PM   #14
frieza
Senior Member
 
Registered: Feb 2002
Location: harvard, il
Distribution: Ubuntu 11.4,DD-WRT micro plus ssh,lfs-6.6,Fedora 15,Fedora 16
Posts: 3,111

Original Poster
Rep: Reputation: 371Reputation: 371Reputation: 371Reputation: 371
you mean like this?
Code:
VirtualHost *:80>
DocumentRoot "/home/user874-****/www/devel"
ServerName editortool.gotdns.org
<Directory "/home/user874-****/www/devel">
AllowOverride All
allow from all
Options +Indexes
</Directory>
</VirtualHost>
 
Old 01-05-2011, 01:58 AM   #15
bathory
Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 10,955

Rep: Reputation: 1341Reputation: 1341Reputation: 1341Reputation: 1341Reputation: 1341Reputation: 1341Reputation: 1341Reputation: 1341Reputation: 1341Reputation: 1341
Hi,

Your apache config is ok. The fact that you're presented the popup dialog to enter username/password means that .htaccess works, so the problem is somewhere else. The strange thing is that there are no logs about entering invalid credentials.

So, I've just look over the whole thread and noticed the attached phpinfo() image, where I saw that you're using squid proxy to access apache.
Can you bypass squid and see if auth works. Or try to access the protected dir from the server itself (using localhost).

Regards
 
1 members found this post helpful.
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
HTTP auth from outside + allow from local sir-lancealot Linux - Server 1 07-29-2010 02:25 PM
http auth question razzera Debian 1 07-04-2010 11:18 AM
http auth question razzera Debian 3 06-04-2010 05:37 PM
Apache http auth. razzera Linux - Security 6 01-27-2010 07:32 AM
Swaret through http proxy+auth securedigital Slackware 8 09-30-2008 11:30 AM


All times are GMT -5. The time now is 07:26 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration