Old 03-08-2010, 06:48 PM
Laurent Kappler
 
Default htpasswd works only for valid-user

Hi

I'm using htpasswd to write the user password form my htaccess.

It works only if I put "require valid-user" not if I put "require
specificuser"


any idea?

thx
Laurent
 
Old 03-08-2010, 07:02 PM
Alan McKinnon
 
Default htpasswd works only for valid-user

On Monday 08 March 2010 21:48:12 Laurent Kappler wrote:
> Hi
>
> I'm using htpasswd to write the user password form my htaccess.
>
> It works only if I put "require valid-user" not if I put "require
> specificuser"
>
> any idea?

It should work, if everything else is correct. With that in mind,


What do you mean by "doesn't work?" i.e. what exact error is in the logs as
the reason for the failure.

Also, please provide the relevant config for the directory in question?

--
alan dot mckinnon at gmail dot com
 
Old 03-08-2010, 10:12 PM
Mick
 
Default htpasswd works only for valid-user

On Monday 08 March 2010 19:48:12 Laurent Kappler wrote:
> Hi
>
> I'm using htpasswd to write the user password form my htaccess.
>
> It works only if I put "require valid-user" not if I put "require
> specificuser"
>
> any idea?

Have you tried:

AuthType Basic (or Digest)
AuthUserFile /usr/local/apache/passwd/htpasswords
Require user specificuser

Make sure that the path to the htpasswords file is outside your webroot - you
don't want visitors to be able to access it!
--
Regards,
Mick
 
Old 03-09-2010, 01:54 AM
Harry Putnam
 
Default htpasswd works only for valid-user

Alan McKinnon <alan.mckinnon@gmail.com> writes:

> On Monday 08 March 2010 21:48:12 Laurent Kappler wrote:
>> Hi
>>
>> I'm using htpasswd to write the user password form my htaccess.
>>
>> It works only if I put "require valid-user" not if I put "require
>> specificuser"
>>
>> any idea?
>
> It should work, if everything else is correct. With that in mind,
>
>
> What do you mean by "doesn't work?" i.e. what exact error is in the logs as
> the reason for the failure.
>
> Also, please provide the relevant config for the directory in question?

also... what is in .htaccess (with any sensitive data x'ed out)
 
Old 03-09-2010, 02:50 PM
Laurent Kappler
 
Default htpasswd works only for valid-user

Mick wrote:
> On Monday 08 March 2010 19:48:12 Laurent Kappler wrote:
>> Hi
>>
>> I'm using htpasswd to write the user password form my htaccess.
>>
>> It works only if I put "require valid-user" not if I put "require
>> specificuser"
>>
>> any idea?
>
> Have you tried:
>
> AuthType Basic (or Digest)
> AuthUserFile /usr/local/apache/passwd/htpasswords
> Require user specificuser
>
> Make sure that the path to the htpasswords file is outside your webroot - you
> don't want visitors to be able to access it!


I check the log file here is the line:
77.54.124.11 - specificuser [09/Mar/2010:16:46:35 +0100] "GET /admin HTTP/1.1" 401 472


it does not auth.
My .htaccess:

AuthUserFile /so/secret/path/.htpasswd
AuthGroupFile /dev/null
AuthName "Shoot the password"
AuthType Basic
<Limit GET POST>
require specificuser
</limit>

<FilesMatch "^([_a-z0-9A-Z])+$">
RewriteEngine On
RewriteRule (.*) /admin/index.n
</FilesMatch>

so I shall avoid this <Limit> keyword...? Actually I don't get why just
specify that for GET and POST if someone arrives with a PUT does it mean
it will let it pass??


Laurent
 
Old 03-09-2010, 02:53 PM
Laurent Kappler
 
Default htpasswd works only for valid-user

Mick wrote:
> On Monday 08 March 2010 19:48:12 Laurent Kappler wrote:
>> Hi
>>
>> I'm using htpasswd to write the user password form my htaccess.
>>
>> It works only if I put "require valid-user" not if I put "require
>> specificuser"
>>
>> any idea?
>
> Have you tried:
>
> AuthType Basic (or Digest)
> AuthUserFile /usr/local/apache/passwd/htpasswords
> Require user specificuser
>
> Make sure that the path to the htpasswords file is outside your webroot - you
> don't want visitors to be able to access it!


it works with require valid-user, like it finds the htpasswd file.
 
Old 03-09-2010, 02:55 PM
Laurent Kappler
 
Default htpasswd works only for valid-user

Mick wrote:
> On Monday 08 March 2010 19:48:12 Laurent Kappler wrote:
>> Hi
>>
>> I'm using htpasswd to write the user password form my htaccess.
>>
>> It works only if I put "require valid-user" not if I put "require
>> specificuser"
>>
>> any idea?
>
> Have you tried:
>
> AuthType Basic (or Digest)
> AuthUserFile /usr/local/apache/passwd/htpasswords
> Require user specificuser
>
> Make sure that the path to the htpasswords file is outside your webroot - you
> don't want visitors to be able to access it!


ok got it

it was Require user not Require user.

Still my question about Limit GET POST ... it seems risky...

thank you!!
Laurent
 
Old 03-09-2010, 07:14 PM
Mick
 
Default htpasswd works only for valid-user

On Tuesday 09 March 2010 15:50:11 Laurent Kappler wrote:
> Mick wrote:
> > On Monday 08 March 2010 19:48:12 Laurent Kappler wrote:
> >> Hi
> >>
> >> I'm using htpasswd to write the user password form my htaccess.
> >>
> >> It works only if I put "require valid-user" not if I put "require
> >> specificuser"
> >>
> >> any idea?
> >
> > Have you tried:
> >
> > AuthType Basic (or Digest)
> > AuthUserFile /usr/local/apache/passwd/htpasswords
> > Require user specificuser
> >
> > Make sure that the path to the htpasswords file is outside your webroot -
> > you don't want visitors to be able to access it!
>
> I check the log file here is the line:
> 77.54.124.11 - specificuser [09/Mar/2010:16:46:35 +0100] "GET /admin HTTP/1.1" 401 472
>
> it does not auth.
> My .htaccess:
>
> AuthUserFile /so/secret/path/.htpasswd
> AuthGroupFile /dev/null
> AuthName "Shoot the password"
> AuthType Basic
> <Limit GET POST>
> require specificuser
> </limit>
>
> <FilesMatch "^([_a-z0-9A-Z])+$">
> RewriteEngine On
> RewriteRule (.*) /admin/index.n
> </FilesMatch>
>
> so I shall avoid this <Limit> keyword...? Actually I don't get why just
> specify that for GET and POST if someone arrives with a PUT does it mean
> it will let it pass??

Well, as I said you need to add type "user" after "Require" and before the
name of the user, in your case specificuser:

Require user specificuser

Now, as the manual tells you the <Limit GET POST> means that the
authentication mechanism applies only for GET POST requests sent to the
server. It does not apply for any other type of requests. PUT, DELETE, COPY,
etc will be allowed to get through. Instead you may want to limit access on
part or all of the fs of your site; e.g.

<Location /htdocs/my_website>
Require user specificuser
</Location>

HTH.
--
Regards,
Mick
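
Added example, not part of the original thread: a small Python check that flags the two mistakes discussed above in an .htaccess file, a Require line with no type keyword and a Require that is wrapped in <Limit> so it covers only the listed methods. The names audit_htaccess and KNOWN_TYPES are hypothetical, and the accepted type list assumes a stock Apache 2.2 setup without extra authorization modules.

```python
import re

# Requirement types accepted after "Require" (assumption: stock Apache 2.2
# with mod_authz_user / mod_authz_groupfile only).
KNOWN_TYPES = {"user", "group", "valid-user"}

# Constructed sample: the authentication part of the .htaccess from the thread.
SAMPLE = '''\
AuthUserFile /so/secret/path/.htpasswd
AuthGroupFile /dev/null
AuthName "Shoot the password"
AuthType Basic
<Limit GET POST>
require specificuser
</limit>
'''

def audit_htaccess(text):
    """Return (line_no, message) findings for the two mistakes in the thread."""
    findings = []
    limit_methods = None  # methods of the enclosing <Limit> section, if any
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        opened = re.match(r"<Limit\s+([^>]*)>", line, re.I)
        if opened:
            limit_methods = opened.group(1).upper().split()
            continue
        if re.match(r"</Limit\s*>", line, re.I):
            limit_methods = None
            continue
        req = re.match(r"Require\s+(\S+)", line, re.I)
        if not req:
            continue
        word = req.group(1)
        if word.lower() not in KNOWN_TYPES:
            # "require specificuser": the user name sits where the type belongs
            findings.append((no, "Require has no type keyword before %r; "
                                 "use 'Require user %s'" % (word, word)))
        if limit_methods is not None:
            # Inside <Limit>, authentication covers only the listed methods
            findings.append((no, "Require applies only to %s; other methods "
                                 "are not authenticated" % " ".join(limit_methods)))
    return findings

if __name__ == "__main__":
    for no, msg in audit_htaccess(SAMPLE):
        print("line %d: %s" % (no, msg))
```
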
 
