I've been working on setting up authetntication for an apache server I am running on my mandrdake 10.1 box, mainly to be used as a fileserver for my friends and I an dpossibly just a news site for people I know that are out of town. THe current problem is that I attempted to set up Digest authentication on the server so that people who were just trying out random IP addresses along the school's network wouldn't be able to just find our stuff and begin downloading. I currently have the directory Alias's I wish to have protected given this:

AuthType Digest
AuthName "Invite only access"
AuthDigestFile /etc/httpd/.htpasswd/users
require valid-user

I have checked and I believe the file for the user names and passwords to be correct, even though I was unsure as to what they wanted for a "realm"

The problem so far is that, even though it is properly blocking the directories, at no point does as popup box come up asking for a name or password. I'm sure it's probably some simply line of code that I don't know about, but after reading through an oreilly book for a bit, seraching this site and googling around, I still have been unable to find any kind of complete guide to how to go about doing this.

Any kind of help figuring this out would be appreciated.

I am curious why you are using "Digest" access instead of "basic" (the more-or-less norm for password protected directories with apache)

Well it was my understanding that Basic was completely unencrypted, and from the looks of things it did not appear that configuring digest was any more complicated. I had planend on hopefully expanding this site one way or another, so I was going to simply go with an encrypted password system.

Besides, my school is absolutely full of nerds like me. I wouldn't put it past some of them to know some tricks.

Is it really a problem that it's digest instead of basic?

EDIT: And I just tried it as basic instead of digest, and still no go. Still no request for my name and password.

Basic is not unencrypted. You need to setup a password file that holds encrypted passwords outside of any web accessible directory. Assuming you're using Apache 2.0 you can find the docs here ...

http://httpd.apache.org/docs-2.0/mod/core.html

3/4 of the way down the page you'll see the info on basic with this sample code:

AuthType Basic
AuthName "Restricted Resource"
AuthUserFile /web/users
AuthGroupFile /web/groups
Require group admin

Apache says this is the preferred method over using .htaccess

There are links in that section that tell you how to setup groups, users and passwords.

HTH

Cheers

I already have done all of this, and there is no pop up box. I have added that code, and all that happens when I try to go to that link is that it deny's me access and never gives me the option to enter a name and password.

Do you get a 403 or 500?

Also, is apache allowing overrides from .htaccess files?

Also, a .htpasswd directory could be problematic, though I am not sure.