You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@httpd.apache.org by K Anand <ka...@sail-steel.com> on 2005/05/12 05:39:39 UTC

[users@httpd] Basic Authentication question

Hi all,

I have a very basic question regarding authentication on apache...I have in
my httpd.conf a section like below :
<Directory "/var/www/cgi-bin">
    AuthType Basic
    AuthName "By Invitaion Only"
    AuthUserFile /etc/httpd/conf/passwd/passwords
    Require valid-user

    AllowOverride None
    Options ExecCGI
    Order allow,deny
    Allow from all
</Directory>

So whenever a browser first sends a cgi-bin request, authentication is done
by userid and password...Whenever subsequent requests come for cgi-bin,
authentication is not required provided the browser has not been closed. How
is this done ?

I know that this is not a problem but I would like to know just for my
information.

Thanx
Anand


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] Basic Authentication question

Posted by Dick Davies <ra...@hellooperator.net>.

* Sandeep Gaikwad <sg...@vertex.co.in> [0558 09:58]:
> Hello Anand,
>    Please try by updating the line AllowOverride None by
>    AllowOverride AuthConfig or AllowOverride All
> 
> Regards,
> Sandeep

Guys, read the mails before posting replies, ok?
What you suggest would enable .htaccess loading of Auth* directives, which
has nothing to do with the question.
 
> 
> K Anand wrote:
> 
> >Hi all,
> >
> >I have a very basic question regarding authentication on apache...I have in
> >my httpd.conf a section like below :
> ><Directory "/var/www/cgi-bin">
> >   AuthType Basic
> >   AuthName "By Invitaion Only"
> >   AuthUserFile /etc/httpd/conf/passwd/passwords
> >   Require valid-user
> >
> >   AllowOverride None
> >   Options ExecCGI
> >   Order allow,deny
> >   Allow from all
> ></Directory>
> >
> >So whenever a browser first sends a cgi-bin request, authentication is done
> >by userid and password...Whenever subsequent requests come for cgi-bin,
> >authentication is not required provided the browser has not been closed. 
> >How
> >is this done ?
> >
> >I know that this is not a problem but I would like to know just for my
> >information.

-- 
'When you have to kill a man it costs nothing to be polite.'
		-- Winston Churchill, On formal declarations of war
Rasputin :: Jack of All Trades - Master of Nuns

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] Basic Authentication question

Posted by Sandeep Gaikwad <sg...@vertex.co.in>.

Hello Anand,
    Please try by updating the line AllowOverride None by
    AllowOverride AuthConfig or AllowOverride All

Regards,
Sandeep


K Anand wrote:

>Hi all,
>
>I have a very basic question regarding authentication on apache...I have in
>my httpd.conf a section like below :
><Directory "/var/www/cgi-bin">
>    AuthType Basic
>    AuthName "By Invitaion Only"
>    AuthUserFile /etc/httpd/conf/passwd/passwords
>    Require valid-user
>
>    AllowOverride None
>    Options ExecCGI
>    Order allow,deny
>    Allow from all
></Directory>
>
>So whenever a browser first sends a cgi-bin request, authentication is done
>by userid and password...Whenever subsequent requests come for cgi-bin,
>authentication is not required provided the browser has not been closed. How
>is this done ?
>
>I know that this is not a problem but I would like to know just for my
>information.
>
>Thanx
>Anand
>
>
>---------------------------------------------------------------------
>The official User-To-User support forum of the Apache HTTP Server Project.
>See <URL:http://httpd.apache.org/userslist.html> for more info.
>To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>   "   from the digest: users-digest-unsubscribe@httpd.apache.org
>For additional commands, e-mail: users-help@httpd.apache.org
>
>  
>

Re: [users@httpd] Basic Authentication question

Posted by K Anand <ka...@sail-steel.com>.

you didn't understand what I was asking...The config I have included is
working ..I have used htpasswd and everything is working fine....All I want
to know is how does  apache  know that I have already authenticated or not ?

Anand

----- Original Message ----- 
From: "Chris Winfield-Blum" <ch...@leadingside.com>
To: <us...@httpd.apache.org>
Sent: Thursday, May 12, 2005 9:14 AM
Subject: Re: [users@httpd] Basic Authentication question


> you will have to use the htpasswd tools located in your apache bin to
> create the password file. then you point that directory to that file: ie:
>
> /etc/httpd/conf/passwd/passwords
>
> This should do that you need :)
>
> K Anand said the following:
>
> >Hi all,
> >
> >I have a very basic question regarding authentication on apache...I have
in
> >my httpd.conf a section like below :
> ><Directory "/var/www/cgi-bin">
> >    AuthType Basic
> >    AuthName "By Invitaion Only"
> >    AuthUserFile /etc/httpd/conf/passwd/passwords
> >    Require valid-user
> >
> >    AllowOverride None
> >    Options ExecCGI
> >    Order allow,deny
> >    Allow from all
> ></Directory>
> >
> >So whenever a browser first sends a cgi-bin request, authentication is
done
> >by userid and password...Whenever subsequent requests come for cgi-bin,
> >authentication is not required provided the browser has not been closed.
How
> >is this done ?
> >
> >I know that this is not a problem but I would like to know just for my
> >information.
> >
> >Thanx
> >Anand
> >
> >
> >---------------------------------------------------------------------
> >The official User-To-User support forum of the Apache HTTP Server
Project.
> >See <URL:http://httpd.apache.org/userslist.html> for more info.
> >To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> >   "   from the digest: users-digest-unsubscribe@httpd.apache.org
> >For additional commands, e-mail: users-help@httpd.apache.org
> >
> >
> >
> >
>
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>    "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] Basic Authentication question

Posted by Chris Winfield-Blum <ch...@leadingside.com>.

you will have to use the htpasswd tools located in your apache bin to 
create the password file. then you point that directory to that file: ie:

/etc/httpd/conf/passwd/passwords

This should do that you need :)

K Anand said the following:

>Hi all,
>
>I have a very basic question regarding authentication on apache...I have in
>my httpd.conf a section like below :
><Directory "/var/www/cgi-bin">
>    AuthType Basic
>    AuthName "By Invitaion Only"
>    AuthUserFile /etc/httpd/conf/passwd/passwords
>    Require valid-user
>
>    AllowOverride None
>    Options ExecCGI
>    Order allow,deny
>    Allow from all
></Directory>
>
>So whenever a browser first sends a cgi-bin request, authentication is done
>by userid and password...Whenever subsequent requests come for cgi-bin,
>authentication is not required provided the browser has not been closed. How
>is this done ?
>
>I know that this is not a problem but I would like to know just for my
>information.
>
>Thanx
>Anand
>
>
>---------------------------------------------------------------------
>The official User-To-User support forum of the Apache HTTP Server Project.
>See <URL:http://httpd.apache.org/userslist.html> for more info.
>To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>   "   from the digest: users-digest-unsubscribe@httpd.apache.org
>For additional commands, e-mail: users-help@httpd.apache.org
>
>
>  
>


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org