Login or Register to Ask a Question and Join Our Community


UNIX and Linux Applications

Authentication via .htaccess and .htpasswd

Login to Discuss or Reply to this Discussion in Our Community

 
Thread Tools Search this Thread
Special Forums UNIX and Linux Applications Authentication via .htaccess and .htpasswd
# 1  
Old 12-16-2014
Authentication via .htaccess and .htpasswd
I've created .htaccess and use htpasswd comand to create .htpasswd

Now when I try to access my protected area I still have loging panel.
I checked apache error log lile and found that there is some problem with mismatch password.

I use Apache 2.2 .22
Is there some erron in creating password via htpasswd?
# 2  
Old 12-16-2014
Check to make sure your password files, etc are readable to the apache user. What are their permissions?

Please show exactly what you did. Obscure the passwords of course but we need to see your htaccess and the commands you ran and the parameters you used.
Last edited by Corona688; 12-16-2014 at 11:46 AM..
# 3  
Old 12-16-2014
.htaccess file:
Code:
########## Start - Sekcja Uwierzytelnienie
AuthUserFile /var/auth/user/.htpasswd
## gdy nie stworzono pliku opisu grup umiesc
AuthGroupFile /dev/null
## albo - jesli stworzono plik opisu grup - odkomentuj i umiesc
#AuthGroupFile /var/auth/user/.htgroups    #jesli stworzono
AuthName "Obszar chroniony"
AuthType Basic
# uzyj linii ponizej gdy jest plik opisu grupy admini (nazwa przykladowa)
require group admini
# albo zakomentuj linie powyzej a odkomentuj i uzyj ponizszej, gdy brak pliku o$
Require valid-user
########## Koniec - Sekcja Uwierzytelnienie

.htpasswd file in /var/auth/user/ (permissions 777):
Code:
user:$apr1$e.4GXdmp$Ff10Y8xP9Lp6VggoTLv7d/
user1:$apr1$X0x0/Qks$fTY.rIBDYQY4jEF8aOHCJ0
mike:$apr1$jHqiogO8$E5T1R7vTBS2Ug7hwBtGNi1
user3:$apr1$nPWaEZC5$c8Ge.kXTySKjYwl8YT83C1
user4:$apr1$FWEXpoO8$yL0xnwkwoS4lpV4MgCxQp1


To add users to .htpasswd file I use:
Code:
htpasswd -b .htpasswd username password

And when I try get to protected folder I get:
Code:
[Mon Dec 15 14:11:51 2014] [error] [client 192.168.200.15] user user: authentication failure for "/~user/private_html": Password Mismatch
[Mon Dec 15 14:11:56 2014] [error] [client 192.168.200.15] user user: authentication failure for "/~user/private_html": Password Mismatch

# 4  
Old 12-16-2014
777 is not the magic sledgehammer to solve all permissions problems. Things often refuse to use password files set 777, because a world-writable password file is simply dangerous.

Try setting it to more sensible permissions like 644 or 640.
# 5  
Old 12-16-2014
You have "require group admini", but your authgroupfile is /dev/null. Give it an authgroupfile, or remove "require group admini".
# 6  
Old 12-16-2014
Changed .htaccess to :
Code:
########## Start - Sekcja Uwierzytelnienie
AuthUserFile /var/auth/user/.htpasswd
## gdy nie stworzono pliku opisu grup umiesc
#AuthGroupFile /dev/null
## albo - jesli stworzono plik opisu grup - odkomentuj i umiesc
#AuthGroupFile /var/auth/user/.htgroups    #jesli stworzono
AuthName "Obszar chroniony"
AuthType Basic
# uzyj linii ponizej gdy jest plik opisu grupy admini (nazwa przykladowa)
require group admini
# albo zakomentuj linie powyzej a odkomentuj i uzyj ponizszej, gdy brak pliku o$
Require valid-user
########## Koniec - Sekcja Uwierzytelnienie

Set permission for .htpasswd to 644.

Stil get:

Code:
[Tue Dec 16 17:53:59 2014] [error] [client 192.168.200.16] user user: authentication failure for "/~user/private_html": Password Mismatch
[Tue Dec 16 17:54:05 2014] [error] [client 192.168.200.16] user user: authentication failure for "/~user/private_html": Password Mismatch


I found that:

.htaccess - Apache 2.4 "..authentication failure..:Password Mismatch" - Stack Overflow

But I have Apache 2.2.22
Last edited by Budrys; 12-16-2014 at 01:04 PM..
# 7  
Old 12-16-2014
Okay, so you're giving it no group file at all, and still asking that it require a valid group. Comment out this line:

Code:
# require group admini
Login or Register to Ask a Question

Previous Thread | Next Thread

8 More Discussions You Might Find Interesting

1. Web Development

.htaccess redirect with #

I have the following directive in my .htaccess: #RewriteRule ^mozrank/?$ "http://www.seobook.com/#a_aid=dh" The problem is that the redirect is going to http://www.seobook.com/%23a_aid=dh How to preserve the # when redirecting? (2 Replies)
Discussion started by: rlopes
2 Replies

2. UNIX for Advanced & Expert Users

Redirect with htaccess

Hi, I would like to use htaccess 301 redirect with URL hiding. Ex: when browse the website 'abc.com' it should show the contents of the page 'xyz.com/start/index.html' but in addressbar should show the domain 'abc.com'. I know it works with html URL frame rewrite. But my question is it... (0 Replies)
Discussion started by: chandranjoy
0 Replies

3. UNIX for Dummies Questions & Answers

Resolved: htpasswd issues (-b) on FreeBSD

I wrote a script to batch-create directories with .htaccess and .htpasswd files. I am using the following line to create the .htpasswd file: htpasswd -cb .htpasswd $USER $PASS However, I keep getting this message in return: Usage: htpasswd passwordfile username The -c flag creates a new... (1 Reply)
Discussion started by: Spetnik
1 Replies

4. UNIX for Advanced & Expert Users

need to convert passwd file to .htpasswd

I need to take our unix password file and make the usernames and passwords in a .htpasswd file to protect some webpages. I really dont want to type them in. Any suggestions how I do this? /---Frank----/ (4 Replies)
Discussion started by: frankkahle
4 Replies

5. Linux

htpasswd command not found

dear unix, need ur help, i have installed apache n apache is working... but i cant use htpasswd , the error said command not found. for web authentucation... thanks for any help :confused: (4 Replies)
Discussion started by: click007
4 Replies

6. Cybersecurity

htaccess

Something is wrong. I do everything right make the .htaccess file and stuff, but when I try the htpasswd command it says command not found. I use Putty SSH client and I think server is running RedHat 7.1 with Apache some version. HELP!!! (1 Reply)
Discussion started by: _hp_
1 Replies

7. UNIX for Dummies Questions & Answers

.htaccess

i want to protect a folder on my HP.... does the folder need more than ".htaccess" and ".htpasswd" to be protected , and ask for login and password??? Please help ...... i use HTAdmin 1.2.1 to manage my access files.. The systemadmin cant or wount answer.....:confused: Avenger (3 Replies)
Discussion started by: Avenger
3 Replies

8. UNIX for Dummies Questions & Answers

.htaccess?

For a schoolproject, I have to set up an intranet at a company headquarters in the Netherlands. But they want to give the division in the United States access to that intranet. I have to find out how to do that. I've heard that you can do that by giving certain people access to the intranet with... (1 Reply)
Discussion started by: Puc conDoin
1 Replies
Login or Register to Ask a Question