| Linux - Server This forum is for the discussion of Linux Software used in a server related context. |
| Notices |
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
Are you new to LinuxQuestions.org? Visit the following links:
Site Howto |
Site FAQ |
Sitemap |
Register Now
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
|
 |
|
01-03-2011, 03:31 PM
|
#1
|
|
Senior Member
Registered: Feb 2002
Location: harvard, il
Distribution: Ubuntu 11.4,DD-WRT micro plus ssh,lfs-6.6,Fedora 15,Fedora 16
Posts: 3,233
|
http auth woes
i've been trying to configure authentication for a particular tool on a website i've been building
i've tried php http authorization and .htaccess/.htpasswd files, neither seem to work
Code:
<?php
if (!isset($_SERVER['PHP_AUTH_TYPE'])) {
header('WWW-Authenticate: Basic realm="My Realma"');
header('HTTP/1.0 401 Unauthorized');
echo 'Text to send if user hits Cancel button';
exit;
} else {
echo "<p>Hello {$_SERVER['PHP_AUTH_USER']}.</p>";
echo "<p>You entered {$_SERVER['PHP_AUTH_PW']} as your password.</p>";
}
print_r($_SERVER);
?>
should just echo out the user/password i entered
[code]
then i created a .htaccess file for the directory
AuthUserFile /home/user874-****/.htpasswd
AuthUserFile /dev/null
AuthName "Protected Area"
AuthType Basic
require valid-user
[code]
.htpasswd
Code:
worker:gSs4***JFQH5Q
both tests cause the browser to prompt for a username/password but both will just keep tossing the dialog in your face every time you type in a user/password, the first shouldnt require any valid information just echo what was typed in, it is as if the server isn't recieving the information
vhost file
Code:
VirtualHost *:80>
DocumentRoot "/home/user874-****/www/devel"
ServerName editortool.gotdns.org
<Directory "/home/user874-****/www/devel">
AllowOverride All
allow from all
Options +Indexes
</Directory>
</VirtualHost>
phpinfo
http://img255.imageshack.us/img255/3420/phpinfo.jpg
if you require anything else please let me know |
|
|
|
|
01-03-2011, 04:51 PM
|
#2
|
|
LQ Guru
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 13,224
|
I cannot tell about the php code, but in .htaccess you should remove "AuthUserFile /dev/null". You have already defined AuthUserfile in the line above this one and besides, this directive cancels the usage of the .htpasswd.
Also when you use "/home/user874-****", I guess you don't have asterisks in the directory name. Make sure also that the apache user can read /home/user874-****/.htpasswd
Regards
|
|
|
|
|
01-03-2011, 05:00 PM
|
#3
|
|
Senior Member
Registered: Feb 2002
Location: harvard, il
Distribution: Ubuntu 11.4,DD-WRT micro plus ssh,lfs-6.6,Fedora 15,Fedora 16
Posts: 3,233
Original Poster
|
Quote:
Originally Posted by bathory
I cannot tell about the php code, but in .htaccess you should remove "AuthUserFile /dev/null". You have already defined AuthUserfile in the line above this one and besides, this directive cancels the usage of the .htpasswd.
Regards
|
noticed that already, removed that line and it still does not work
tried chown www-data:www-data .htpasswd as well, still nothing
Code:
-rw-r--r-- 1 www-data www-data 21 2011-01-03 14:52 .htpasswd
|
|
|
|
|
01-03-2011, 05:14 PM
|
#4
|
|
LQ Guru
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 13,224
|
Did you close your browser and reopen it, so it starts a new session?
Also check if there is something logged in apache error_log.
|
|
|
|
|
01-03-2011, 05:39 PM
|
#5
|
|
Senior Member
Registered: Feb 2002
Location: harvard, il
Distribution: Ubuntu 11.4,DD-WRT micro plus ssh,lfs-6.6,Fedora 15,Fedora 16
Posts: 3,233
Original Poster
|
not consistantly but i occasionally got
Code:
[Mon Jan 03 14:54:05 2011] [error] [client 192.168.0.19] access to /vehicle_fixer/ failed, reason: verification of user id '<null>' not configured
|
|
|
|
|
01-04-2011, 12:36 AM
|
#6
|
|
LQ Guru
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 13,224
|
Hi,
This error comes from the php authorization page.
What happens when trying to authenticate with the .htaccess way? Did you try to start a new browser session and see what you get?
|
|
|
|
|
01-04-2011, 10:04 AM
|
#7
|
|
Senior Member
Registered: Feb 2002
Location: harvard, il
Distribution: Ubuntu 11.4,DD-WRT micro plus ssh,lfs-6.6,Fedora 15,Fedora 16
Posts: 3,233
Original Poster
|
yes and it does nothing but reject everything even the supposedly correct user/password but puts nothing in the error log, even while watching the log with tail -f error.log
|
|
|
|
|
01-04-2011, 02:45 PM
|
#8
|
|
LQ Newbie
Registered: Oct 2009
Location: Albuquerque, NM USA
Distribution: Gentoo, CentOS
Posts: 8
Rep: 
|
If you are using SELinux, you might need to tell SELinux that it is OK for Apache to access that file with:
chcon --type=http_sys_content_t /home/user874-****/.htpasswd
|
|
|
|
|
01-04-2011, 02:53 PM
|
#9
|
|
LQ Newbie
Registered: Oct 2009
Location: Albuquerque, NM USA
Distribution: Gentoo, CentOS
Posts: 8
Rep:
|
In the PHP manual http://www.php.net/manual/en/reserve...les.server.php, it says the variable is $_SERVER['AUTH_TYPE'] not $_SERVER['PHP_AUTH_TYPE']. |
|
|
|
|
01-04-2011, 03:01 PM
|
#10
|
|
Senior Member
Registered: Feb 2002
Location: harvard, il
Distribution: Ubuntu 11.4,DD-WRT micro plus ssh,lfs-6.6,Fedora 15,Fedora 16
Posts: 3,233
Original Poster
|
stll nothing
|
|
|
|
|
01-04-2011, 03:32 PM
|
#11
|
|
LQ Newbie
Registered: Oct 2009
Location: Albuquerque, NM USA
Distribution: Gentoo, CentOS
Posts: 8
Rep:
|
Looking at http://php.net/manual/en/features.http-auth.php, it seems to give conflicting information. It appears to say that PHP_AUTH_USER might not be set in all cases, but that REMOTE_USER might...
Also, the example in the manual doesn't use AUTH_TYPE. I could guess that it isn't reliable.
Rhetorical question: Why use HTTP authentication? Why not, if they aren't logged in, display a login page instead of the requested page. Or, save the requested URL and redirect them to a login page? Then, once they are logged in, give them the page they originally requested. |
|
|
|
|
01-04-2011, 04:13 PM
|
#12
|
|
Senior Member
Registered: Feb 2002
Location: harvard, il
Distribution: Ubuntu 11.4,DD-WRT micro plus ssh,lfs-6.6,Fedora 15,Fedora 16
Posts: 3,233
Original Poster
|
it's a php script i wrote and i'm not that good at writing user login programs for php, that and i want to be able to put other non php content in that folder as well such as .inc files which are not parsed by php but have the password to the database
interestingly enough, this works
Code:
Order Deny,Allow
Deny from all
Allow from 192.168.0.xx
(192.168.0.xx is the external interface of our internal firewall, the IP addr that all traffic from our internal network appears to come from, thus allowing only the internal lan to access the site for the moment)
but a .htpasswd file does not
Last edited by frieza; 01-04-2011 at 04:17 PM.
|
|
|
|
|
01-04-2011, 05:17 PM
|
#13
|
|
LQ Newbie
Registered: Oct 2009
Location: Albuquerque, NM USA
Distribution: Gentoo, CentOS
Posts: 8
Rep:
|
So, you really want to use basic http authentication and get the username passed to your scripts?
Do you have AllowOverride AuthConfig in your apache config file? Without that, it will completely ignore the Auth options in your .htaccess file. If you have access to the server config file, you could just put the Auth options there.
--
Ha. too many things going on. I forgot that you posted the relevant section... and you do...
Last edited by EdHeron; 01-04-2011 at 05:18 PM.
Reason: mental hiccough
|
|
|
|
|
01-04-2011, 05:39 PM
|
#14
|
|
Senior Member
Registered: Feb 2002
Location: harvard, il
Distribution: Ubuntu 11.4,DD-WRT micro plus ssh,lfs-6.6,Fedora 15,Fedora 16
Posts: 3,233
Original Poster
|
you mean like this?
Code:
VirtualHost *:80>
DocumentRoot "/home/user874-****/www/devel"
ServerName editortool.gotdns.org
<Directory "/home/user874-****/www/devel">
AllowOverride All
allow from all
Options +Indexes
</Directory>
</VirtualHost>
|
|
|
|
|
01-05-2011, 12:58 AM
|
#15
|
|
LQ Guru
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 13,224
|
Hi,
Your apache config is ok. The fact that you're presented the popup dialog to enter username/password means that .htaccess works, so the problem is somewhere else. The strange thing is that there are no logs about entering invalid credentials.
So, I've just look over the whole thread and noticed the attached phpinfo() image, where I saw that you're using squid proxy to access apache.
Can you bypass squid and see if auth works. Or try to access the protected dir from the server itself (using localhost).
Regards
|
|
|
1 members found this post helpful.
|
All times are GMT -5. The time now is 07:58 PM.
|
|
|
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
|
|
 Latest Threads
LQ News
|
|
