login problems - htaccess / htpasswd
 

Redhat9, Apache 2.0.

Apache serves 'unprotected' pages just fine. Create .htaccess and .htpasswd files, restart httpd, and can get a login prompt as specified in htaccess, but wont accept passwords! Just kicks back to login as if entered wrong pwd. I'm trying to login from a WinXP system. Here is .htaccess:

AuthName "Log into private area"
AuthType Basic
AuthUserFile /home/mike/.htpasswd
Require user music

So then I created .htapsswd to be in my home dir (cuz I read it's not ideal to have it in the same dir you're protecting?) with user 'music' and pwd 'musak':

htpasswd -cb /home/mike/.htpasswd music musak

After running "htpasswd --help", I saw the different encryption options and tried 'em all, but all failed the same way as above. 'music' doesnt need to be an existing user on this linux box, right? In case it did, I changed Require line to valid-user and used an existing user on this system and it still failed the same way.

Please shed some light... Thx

I wonder...
Can the account that the apache daemon runs as (it would be the user httpd or apache) read that file in /home/mike? Old Redhats protect users' home directories by denying the "other" group all access. You'll need at least the 'x' access bit for "others" set for your homedirectory (drwx--x--x for instance) for apache to see that .htpasswd file.
Run and try logging in again.
Also, the .htpasswd file itself should at least be readable by the apache process....
Eric

you got it! thanks a lot!

Usually the .htpasswd file is on a non-web-accessible branch of the apache tree, such as /usr/local/apache/passwords, or /etc/httpd/passwords, which makes it easier to configure for apache to read, without opening your home directory to everyone.

http://httpd.apache.org/docs/2.0/howto/auth.html

duly noted!