config/1054: access.config problems, with AuthUserFile and AuthGroupFile

[Lee Rothfarb <ro...@smt.ucsb.edu>]

>Number:         1054
>Category:       config
>Synopsis:       access.config problems, with AuthUserFile and AuthGroupFile
>Confidential:   no
>Severity:       critical
>Priority:       medium
>Responsible:    apache (Apache HTTP Project)
>State:          open
>Class:          sw-bug
>Submitter-Id:   apache
>Arrival-Date:   Mon Aug 25 14:40:02 1997
>Originator:     rothfarb@smt.ucsb.edu
>Organization:
apache
>Release:        1.2.0
>Environment:
SunOS boethius 5.5 Generic_103093-06 sun4m sparc SUNW,SPARCstation-5
gcc compiler
>Description:
The AuthGroupFile and AuthUserFile simply don't work in the access.conf
file.  When I specify filenames for them, I get an error message when I
start apache 1.2.0 saying that AuthGroupFile and AuthUserFile are illegal.
Without those directives in access.conf, it is not possible to verify
users for certain directories/documents.  This is very frustrating.  I
have also tried to use the deny and allow commands within a pair of
<Directory>...</Directory> tags in access.conf.  I deny from all and
then allow from certain IP numbers (with the order deny,allow), but that
doesn't work either.  Even though I allow my own IP, apache 1.2.0 won't
let me into the protected directory.  This has become very, very frustrating
and has wasted a lot of my time.  I switched to Apache to make things
a bit easier, more flexible, configurable.  I was using the old EIT server
(NCSA style), which worked fine as far as it went; it protected a special
directory but let me enter, according to the allow,deny segment in the
access.conf.  I tried the same with Apache and it simply doesn't work.
>How-To-Repeat:
No way to repeat it through a URL  It's a config. problem.
>Fix:
I have no idea
>Audit-Trail:
>Unformatted: