[NTLUG:Discuss] No login challenge

Ted ted at KI5U.net
Tue Dec 30 13:35:34 CST 2003 

Thanks Patrick.  Here's what I started with in the filespec. <.htaccess> 
blank.  Did not work.

<Directory "/var/www/cgi-bin">
         AllowOverride All
         AllowOverride AuthConfig
         AuthName "Restricted Site"
         AuthType Basic
         AuthUserFile /var/www/SitePsw/password
         require user Ted
         Options ExecCGI Includes FollowSymLinks Indexes MultiViews
         AddHandler cgi-script cgi pl
         Allow from all
         Order allow,deny
</Directory>


Then I tried the below using both .htaccess and file specs.  Still does not 
work.

<.htaccess contents>
AuthType Basic
AuthName "Restricted Site"
AuthUserFile /var/www/SitePsw/password
Require user Ted

<Apache.conf contents>
<Directory "/var/www/cgi-bin">
         AllowOverride AuthConfig
         Options ExecCGI Includes FollowSymLinks Indexes MultiViews
         AddHandler cgi-script cgi pl
         Order allow,deny
</Directory>

My understanding is that the Apache server should issue a 401, to which the 
browser responds with a logon box (I'm using IE6).  There must be some 
other Apache.conf setting that is wrong.  I need to trap the transactions I 
suppose.

Another thing I've noticed is that when switching from non-secure to secure 
environment, a httpd restart isn't sufficient.  A reboot appears to be 
required.  Perhaps this is an indication of the problem.


At 09:31 AM 12/30/2003 -0700, you wrote:
>Ted-
>
>At minimum you need the following apache directives in order to turn
>on authentication:
>
>AuthType Basic
>AuthName "My Realm"
>AuthUserFile /full/path/to/password_file
>Require valid-user
>
>These can go in either a <Directory> section or in a .htaccess file.
>If in a .htaccess file, you have to make sure that the httpd.conf file
>specifies "AllowOverride AuthConfig" for the directory containing the
>.htaccess file.  However, I'd recommend getting it to work within the
>httpd.conf file before trying the .htaccess.  Also, it's worth remembering
>that you have to restart the webserver after making any changes to
>httpd.conf (I often forget to do this step).
>
>Pm
>
>
>On Tue, Dec 30, 2003 at 04:34:41AM -0600, Ted wrote:
> > Hello to the group.
> >
> > I'm running Apache 2.0.40 on Red Hat 2.4.18-14.  I've established a
> > perl-based web site that runs fine.  When I turn on security by adding
> > Authentication per Apache 2.0 documentation, I cannot get Apache to 
> issue a
> > login challenge window.  I've tried the placing commands in both the
> > <directory format in httpd.conf and using .htaccess.  Help would be
> > appreciated.
> >
> > Thanks,
> >
> > Ted
> >
> >
> > _______________________________________________
> > https://ntlug.org/mailman/listinfo/discuss

More information about the Discuss mailing list