I need help with Apache user authentication

[timwalsh]

I've got a web server all up and running on my new Debian 3.1 machine and I'm trying to password protect one directory with all of its contents. I created my usernames and passwords using htpasswd (calling the file .htpasswd) and I created a .htgroup file called "members". I modifed my httpd.conf file and created a .htaccess file which I put in the directory that I want to protect. I restarted my server, went to my website, and clicked on the link to my protected directory. The username and password window pops up, but it won't accept anything that I put in. The authentication just fails every time. Here are my .htaccess and httpd.conf files.

Code:

AuthType Basic
AuthName "BU Blades"
AuthUserFile /etc/apache/.htpasswd
AuthGroupFile /etc/apache/.htgroup

require group members

Code:

ServerType standalone

ServerRoot /etc/apache

LockFile /var/lock/apache.lock

PidFile /var/run/apache.pid

ScoreBoardFile /var/run/apache.scoreboard

Timeout 300

KeepAlive On

MaxKeepAliveRequests 100

KeepAliveTimeout 15

MinSpareServers 5
MaxSpareServers 10

StartServers 5

MaxClients 150

MaxRequestsPerChild 100

Include /etc/apache/modules.conf

<IfModule mod_status.c>
  ExtendedStatus On
</IfModule>

Port 80

User www-data
Group www-data

ServerAdmin timwalsh@bu.edu

ServerName www.bublades.com

DocumentRoot /var/www

<Directory />
    Options SymLinksIfOwnerMatch
    AllowOverride None
</Directory>

<Directory /var/www/>

    Options Indexes Includes FollowSymLinks MultiViews

 AllowOverride AuthConfig

    Order allow,deny
    Allow from all
</Directory>

<Directory /var/www/members/*>
AuthName "BU Blades"
AllowOverride AuthConfig
AuthType Basic
AuthUserFile /etc/apache/.htpasswd
AuthGroupFile /etc/apache/.htgroup
require group members
</Directory>

<IfModule mod_userdir.c>
    UserDir public_html

    <Directory /home/*/public_html>
        AllowOverride FileInfo AuthConfig Limit
        Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
        <Limit GET POST OPTIONS PROPFIND>
            Order allow,deny
            Allow from all
        </Limit>
        <Limit PUT DELETE PATCH PROPPATCH MKCOL COPY MOVE LOCK UNLOCK>
            Order deny,allow
            Deny from all
        </Limit>
    </Directory>
</IfModule>

<IfModule mod_dir.c>
    DirectoryIndex index.html index.htm index.shtml index.cgi index.php
</IfModule>

AccessFileName .htaccess

<Files ~ "^\.ht">
    Order allow,deny
    Deny from all
</Files>

UseCanonicalName Off

TypesConfig /etc/mime.types

DefaultType text/plain

<IfModule mod_mime_magic.c>
    MIMEMagicFile /usr/share/misc/file/magic.mime
</IfModule>

HostnameLookups Off

ErrorLog /var/log/apache/error.log

LogLevel warn

LogFormat "%h %l %u %t \"%r\" %>s %b \"%&#123;Referer&#125;i\" \"%&#123;User-Agent&#125;i\" \"%&#123;forensic-id&#125;n\" %T %v" full
LogFormat "%h %l %u %t \"%r\" %>s %b \"%&#123;Referer&#125;i\" \"%&#123;User-Agent&#125;i\" \"%&#123;forensic-id&#125;n\" %P %T" debug
LogFormat "%h %l %u %t \"%r\" %>s %b \"%&#123;Referer&#125;i\" \"%&#123;User-Agent&#125;i\" \"%&#123;forensic-id&#125;n\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b \"%&#123;forensic-id&#125;n\"" forensic
LogFormat "%h %l %u %t \"%r\" %>s %b" common
LogFormat "%&#123;Referer&#125;i -> %U" referer
LogFormat "%&#123;User-agent&#125;i" agent

CustomLog /var/log/apache/access.log combined

<IfModule mod_log_forensic.c>
 ForensicLog /var/log/apache/forensic.log
</IfModule>

<IfModule mod_backtrace.c>
 EnableExceptionHook On
 
</IfModule>

<IfModule mod_whatkilledus.c>
 EnableExceptionHook On
 
</IfModule>

ServerSignature On

<IfModule mod_alias.c>
    Alias /icons/ /usr/share/apache/icons/

    <Directory /usr/share/apache/icons>
         Options Indexes MultiViews
         AllowOverride None
         Order allow,deny
         Allow from all
    </Directory>

    Alias /images/ /usr/share/images/

    <Directory /usr/share/images>
         Options MultiViews
         AllowOverride None
         Order allow,deny
         Allow from all
    </Directory>
</IfModule>

<IfModule mod_alias.c>
    ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/

    <Directory /usr/lib/cgi-bin/>
        AllowOverride None
        Options ExecCGI -MultiViews +SymLinksIfOwnerMatch
        Order allow,deny
        Allow from all
    </Directory>
</IfModule>

<IfModule mod_autoindex.c>

    IndexOptions FancyIndexing NameWidth=*

    AddIconByEncoding &#40;CMP,/icons/compressed.gif&#41; x-compress x-gzip

    AddIconByType &#40;TXT,/icons/text.gif&#41; text/*
    AddIconByType &#40;IMG,/icons/image2.gif&#41; image/*
    AddIconByType &#40;SND,/icons/sound2.gif&#41; audio/*
    AddIconByType &#40;VID,/icons/movie.gif&#41; video/*

    AddIcon /icons/binary.gif .bin .exe
    AddIcon /icons/binhex.gif .hqx
    AddIcon /icons/tar.gif .tar
    AddIcon /icons/world2.gif .wrl .wrl.gz .vrml .vrm .iv
    AddIcon /icons/compressed.gif .Z .z .tgz .gz .zip
    AddIcon /icons/a.gif .ps .ai .eps
    AddIcon /icons/layout.gif .html .shtml .htm .pdf
    AddIcon /icons/text.gif .txt
    AddIcon /icons/c.gif .c
    AddIcon /icons/p.gif .pl .py
    AddIcon /icons/f.gif .for
    AddIcon /icons/dvi.gif .dvi
    AddIcon /icons/uuencoded.gif .uu
    AddIcon /icons/script.gif .conf .sh .shar .csh .ksh .tcl
    AddIcon /icons/tex.gif .tex
    AddIcon /icons/bomb.gif core
    AddIcon /icons/deb.gif .deb

    AddIcon /icons/back.gif ..
    AddIcon /icons/hand.right.gif README
    AddIcon /icons/folder.gif ^^DIRECTORY^^
    AddIcon /icons/blank.gif ^^BLANKICON^^

    DefaultIcon /icons/unknown.gif

    ReadmeName README.html
    HeaderName HEADER.html

    IndexIgnore .??* *~ *# HEADER.html HEADER.txt RCS CVS *,v *,t

</IfModule>

<IfModule mod_mime.c>

    AddEncoding x-compress Z
    AddEncoding x-gzip gz tgz

    AddLanguage da .dk
    AddLanguage nl .nl
    AddLanguage en .en
    AddLanguage et .ee
    AddLanguage fr .fr
    AddLanguage de .de
    AddLanguage el .el
    AddLanguage it .it
    AddLanguage ja .ja
    AddCharset ISO-2022-JP .jis
    AddLanguage pl .po
    AddCharset ISO-8859-2 .iso-pl
    AddLanguage pt .pt
    AddLanguage pt-br .pt-br
    AddLanguage lb .lu
    AddLanguage ca .ca
    AddLanguage es .es
    AddLanguage sv .se
    AddLanguage cs .cz

    <IfModule mod_negotiation.c>
        LanguagePriority en da nl et fr de el it ja pl pt pt-br lb ca es sv
    </IfModule>

    AddType application/x-tar .tgz
    AddType image/bmp .bmp

    AddType text/x-hdml .hdml

    <IfModule mod_include.c>
     AddType text/html .shtml
     AddHandler server-parsed .shtml
    </IfModule>

</IfModule>

AddDefaultCharset on

<IfModule mod_setenvif.c>
  
    BrowserMatch "Mozilla/2" nokeepalive
    BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0

    BrowserMatch "RealPlayer 4\.0" force-response-1.0
    BrowserMatch "Java/1\.0" force-response-1.0
    BrowserMatch "JDK/1\.0" force-response-1.0
</IfModule>

<IfModule mod_perl.c>
  <IfModule mod_alias.c>
   Alias /perl/ /var/www/perl/
  </IfModule>
  <Location /perl>
    SetHandler perl-script
    PerlHandler Apache&#58;&#58;Registry
    Options +ExecCGI
  </Location>
</IfModule>

<IfModule mod_alias.c>
 Alias /doc/ /usr/share/doc/
</IfModule>

<Location /doc>
  order deny,allow
  deny from all
  allow from 127.0.0.0/255.0.0.0
  Options Indexes FollowSymLinks MultiViews
</Location>

<IfModule mod_proxy.c>
   
</IfModule>

Include /etc/apache/conf.d

Thanks for your help,

Tim Walsh

[michael56]

Have you checked that the permissions settings for your password and group files? I think they need to be set such that the userid under which the server runs has read permission.

[timwalsh]

Thanks Michael, you were right, my permissions were wrong. Now I have another, perhaps more interesting problem, though.

The only username that actually allows me access is the first one listed in my .htgroup file. I tested this hypothesis by switching the order of the usernames in the file so that a different name was first on the list and it held true. I've been looking around the internet to see if I formated my file incorrectly and I've seen a lot of different examples. Some have no space between the group name and the first username, some separate the names only by a space, some separate only by a comma, and some separate by a space and a comma. This is how I have my .htgroup file right now which only allows access to the first name, "bittenbender".

Code:

members: bittenbender mcindoe robinson gillespie matsuda hughes
asciutto hainsworth gates dedominici walsh hitchings sharer mcshea

Any help with this would be appreciated.

Tim Walsh

[michael56]

Sorry for the delay in responding - I couldn't access the forum for a few days.

Do you have the names split into two or more lines? I tested this on my server and got similar failures. Putting all the names on one line with spaces in between worked for me.

[michael56]

Should have posted the example that worked for me, all on one line:

members: mike mary jess morgan

[timwalsh]

Hey thanks a lot, Michael. That worked. Unfortunately, I had a lot of usernames in the group that took up more than one line, so I just split them into 2 different groups and said

Code:

require group members
require group members2

Now it appears to work fine with any username.

Thanks, again.

Tim