LinuxQuestions.org - 401 Authorization Required

- Linux - Newbie (https://www.linuxquestions.org/questions/linux-newbie-8/)

- - 401 Authorization Required (https://www.linuxquestions.org/questions/linux-newbie-8/401-authorization-required-72082/)

401 Authorization Required

I have spent a long time researching this and have been reading various posts here (using the search engine of course) and have been reading on www.apache.org. I cannot seem to solve this problem.

K, I am trying to make it so each individual's directory will require a user authentication for them to access their /public_html/ directory. Here is the last little bit I have on my /etc/httpd/conf/httpd.conf file

<Directory "home/*/public_html">
AuthType Basic
AuthName MyPrivateFile
AuthUserFile /home/.htpasswd-allusers
Satisfy All
Require file-owner
</Directory>

the file owner in this example is testapache

When I try to access the webpace of mydomain.com/~testapache
and type in user name of testapache, with testapache's password
it doesn't accept it and gives me a 401 authorization required error after 3 attempts.

Yet when I make 1 simple change of Require file-owner to:
Require user testapache
it will accept testapache with testapache's password.

Do I just create one of these for every single directory with the Require user command or is there a way for me to authenticate it with a specific owner.

I am using Apache 2.0.40

I can't see anything about that option in the apache docs:
http://httpd.apache.org/docs-2.0/mod/core.html#require

I don't know but maybe you could use:
require user *

I found it in the FAQ.

I went to the FAQ (http://httpd.apache.org/docs/misc/FAQ.html)
section G Authentication and access restrictions

Item 2 How do I set up Apache to require a username and password to access certain documents?

Then took the mod_Auth link (http://httpd.apache.org/docs/mod/mod_auth.html)

Here is what it says.

file-owner
[Available after Apache 1.3.20] The supplied username and password must be in the AuthUserFile database, and the username must also match the system's name for the owner of the file being requested. That is, if the operating system say the requested file is owned by jones, then the username used to access it through the Web must be jones as well.

It looks like they probably disabled this option in 2.0 and their FAQ is for 1.3 still.

Unfortunately the asterisk does not work either (Require user *)

Thank you for your help david_ross

maybe you could put the * in the AuthUserFile - eg have one in each home directory or just use a virtual path such as just ".htaccess" (I think this should let you specify one in each of the home dirs) From there you could just use "require valid-user"

The * in the AuthUserFile doesnt work either. Looks like I will have to just either set it up for each directory or allow the .htaccess file to allow the override and set it up in each directory.

Thanks for your help david_ross

The only other solution I can think of is not to use the home feature at all and use a perl script (you can include a script in the config) to build a list of users from the htpasswd file and create an entry for each in the config file.