Posted to users@httpd.apache.org by Erin O'Neill <eo...@stanford.edu> on 2004/08/17 22:24:46 UTC

[users@httpd] Authentication

Hello all!

I've read everything about Authentication on this list and searched google 
extensively. It seems that a lot of places suggest that authentication be 
done under the VirtualHosts directive. I'm cool with that. In the past my 
setup had a Directory directive allowing for .htaccess files. These worked 
but a user had to constantly keep typing in their user/password (over and 
over again! it was quite annoying). There was only ONE .htaccess file in 
the top dir of the restricted area.

I tried to switch to VirtualHost only Authentication and did this:
    <Directory "/www/mySite/html/private">
        Deny from all
        Allow from mydomain.com
        AuthType Basic
        AuthUserFile /etc/apache2/conf/passwords
        AuthName "Restricted directory"
        Require valid-user
        Satisfy any
    </Directory>

I created the passwords file and again I had to type in my 
username/password over and over again when I came to mySite outside of 
mydomain.com. This is so annoying. Is there another way? I want to be able 
to show off this restricted area when on the road so I'd like to use the 
user/pwd combo for those times but I'm afraid I'll get tired of the 
constant nagging of user/pwd!

Suggestions?

thanks,
erin


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Re: [users@httpd] Authentication

Posted by Erin O'Neill <eo...@stanford.edu>.
Well it WAS my configuration! :) It seems that I learned a LOT from all 
this discussion but I had the file perms wrong on my password file (which I 
moved OUT of documentRoot). I'm not sure why we had/have this problem with 
apache 1 but I'm working on the upgrade so I don't care about the old 
version since it will soon go away.

BUT -- thank you thank you thank you for pointing me in the direction of 
checking out my client. I have no idea why I didn't keep a window with a 
tail -f error.log open but I finally did with your suggestion and voila! 
bad file perms.

whew. I did try this with and without .htaccess file. It worked both ways 
but for now I prefer using no .htaccess file.

Just in case someone googles this issue on Authentication and Apache -- 
here's my configuration file VirtualHost sample:

<VirtualHost 171.xx.xx.xx>
   DocumentRoot /www/html
   Options All
   ServerName  myServer.mydomain.com
   ServerAlias myServer
   CustomLog logs/access_log standard env=!nolog
   <Directory /www/html/coolproject>
      Options +ExecCGI
      AllowOverride None
   </Directory>
   <Directory "/sums/www/html/private">
      Deny from all
      AuthType Basic
      AuthUserFile /etc/apache2/conf/passwordfile
      AuthName "Restricted"
      Require valid-user
      Satisfy any
   </Directory>
</VirtualHost>



thanks for your help.
erin


At 04:28 PM 8/17/2004 -0400, Joshua Slive wrote:
>This is not the normal state of affairs.  The server will ask for the
>password every time, but all decent clients will cache the password
>and resend it, as long as you are under the same URL (meaning the new
>URL is a superset of the old one) and realm.
>
>If that is not working for you, you should trace the communication
>between the client and server and see under what conditions the client
>is failing to send the cached password.
>
>Joshua.
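
The resolution in the message above (password file moved out of DocumentRoot, file permissions corrected) can be checked before reloading the server. The script below is an added example, not part of the original thread; the function name and the server account passed as the third argument (whatever httpd's User directive names) are assumptions.

```shell
#!/bin/sh
# Added example: check an AuthUserFile the way the thread's fix implies.
# check_authuserfile FILE DOCROOT SERVER_USER
#   SERVER_USER = account named by httpd's "User" directive (assumption).
# Prints one line per finding; returns 0 when clean, 1 otherwise.
# Mode bits only: ACLs and parent-directory permissions are not examined.
check_authuserfile() {
    file=$1 docroot=$2 user=$3 rc=0
    if [ ! -f "$file" ] || [ ! -d "$docroot" ]; then
        echo "MISSING password file or DocumentRoot"
        return 1
    fi
    # Resolve symlinks so the DocumentRoot comparison uses physical paths.
    dir=$(cd "$(dirname "$file")" && pwd -P)
    root=$(cd "$docroot" && pwd -P)
    case "$dir/" in
        "$root"/*) echo "EXPOSED $file is inside DocumentRoot $root"; rc=1 ;;
    esac
    # ls -ld fields: mode, links, owner, group, ...
    mode=$(ls -ld "$file" | awk '{print $1}')
    owner=$(ls -ld "$file" | awk '{print $3}')
    group=$(ls -ld "$file" | awk '{print $4}')
    # Pick the read bit that applies to SERVER_USER: owner, group or other.
    if [ "$user" = "$owner" ]; then
        pos=2
    elif id -Gn "$user" 2>/dev/null | tr ' ' '\n' | grep -qxF "$group"; then
        pos=5
    else
        pos=8
    fi
    if [ "$(printf '%s' "$mode" | cut -c"$pos")" != r ]; then
        echo "UNREADABLE $user cannot read $file ($mode $owner:$group)"
        rc=1
    fi
    if [ "$(printf '%s' "$mode" | cut -c9)" = w ]; then
        echo "WRITABLE $file is world-writable"
        rc=1
    fi
    return "$rc"
}

# Stand-alone use (account name "apache" is a constructed sample):
#   sh check.sh /etc/apache2/conf/passwords /www/html apache
if [ "$#" -eq 3 ]; then
    check_authuserfile "$@"
fi
```

An UNREADABLE finding corresponds to the state that produced the repeated password prompts here: the server cannot open the file, so every request is answered with another challenge and the cause only shows up in error.log.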


Re: [users@httpd] Apache and passwd

Posted by Ganeshram Iyer <ga...@sbcglobal.net>.
Thanks Joshua,
I had read that it is a bad idea. But it is for an intranet site over 
SSL and with a number of users and computers having different passwords 
for different services increases my work of trying to get them all to 
age and still be consistent. Thanks for your advice and the links. I 
shall look into it.
Much appreciated
Ganesh

Joshua Slive wrote:

>On Wed, 18 Aug 2004 16:53:39 -0500, Ganeshram Iyer
><ga...@sbcglobal.net> wrote:
>>Hello all,
>>I am a new Linux user/administrator with Whitebox Linux and Apache 2.0.
>>I was wondering if there was a way to setup Apache to require
>>authentication to a directory over the internet but using Linux's passwd
>>file? The setup is similar to IIS "Integrated Windows Authentication".
>>Is it possible though with maybe point the AuthUserFile directive to
>>point to the 'passwd' file? Would it work? I am trying to maintain a
>>single password system based on the passwd file so that users would not
>>have to remember too many passwords.
>
>See:
>http://httpd.apache.org/docs/misc/FAQ.html#passwdauth
>for why that is a very bad idea.
>
>If you still want to do it, there are several modules on
>http://modules.apache.org/ that can do the job.
>
>Joshua.


Re: [users@httpd] Apache and passwd

Posted by Joshua Slive <js...@gmail.com>.
On Wed, 18 Aug 2004 16:53:39 -0500, Ganeshram Iyer
<ga...@sbcglobal.net> wrote:
> Hello all,
> I am a new Linux user/administrator with Whitebox Linux and Apache 2.0.
> I was wondering if there was a way to setup Apache to require
> authentication to a directory over the internet but using Linux's passwd
> file? The setup is similar to IIS "Integrated Windows Authentication".
> Is it possible though with maybe point the AuthUserFile directive to
> point to the 'passwd' file? Would it work? I am trying to maintain a
> single password system based on the passwd file so that users would not
> have to remember too many passwords.

See:
http://httpd.apache.org/docs/misc/FAQ.html#passwdauth
for why that is a very bad idea.

If you still want to do it, there are several modules on
http://modules.apache.org/ that can do the job.

Joshua.



[users@httpd] Apache and passwd

Posted by Ganeshram Iyer <ga...@sbcglobal.net>.
Hello all,
I am a new Linux user/administrator with Whitebox Linux and Apache 2.0. 
I was wondering if there was a way to setup Apache to require 
authentication to a directory over the internet but using Linux's passwd 
file? The setup is similar to IIS "Integrated Windows Authentication". 
Is it possible though with maybe point the AuthUserFile directive to 
point to the 'passwd' file? Would it work? I am trying to maintain a 
single password system based on the passwd file so that users would not 
have to remember too many passwords.

Thanks
Ganesh



Re: [users@httpd] Authentication

Posted by Joshua Slive <js...@gmail.com>.
On Tue, 17 Aug 2004 13:24:46 -0700, Erin O'Neill <eo...@stanford.edu> wrote:
> Hello all!
> 
> I've read everything about Authentication on this list and searched google
> extensively. It seems that a lot of places suggest that authentication be
> done under the VirtualHosts directive. I'm cool with that. In the past my
> setup had a Directory directive allowing for .htaccess files. These worked
> but a user had to constantly keep typing in their user/password (over and
> over again! it was quite annoying). There was only ONE .htaccess file in
> the top dir of the restricted area.

This is not the normal state of affairs.  The server will ask for the
password every time, but all decent clients will cache the password
and resend it, as long as you are under the same URL (meaning the new
URL is a superset of the old one) and realm.

If that is not working for you, you should trace the communication
between the client and server and see under what conditions the client
is failing to send the cached password.

Joshua.
