Very Computer

by **Andrew Wes** » Fri, 07 Sep 2001 20:31:19

Help,

I've recently started using a apache server running on a linux box as a
sort of test bed. The trouble is I can figure out how to create the
passwords for the htpasswd files. I've tried the htpasswd perl script, but
this doesn't seem to create passwords of the right encryption type. Could
some one please help me with a little plain easy to follow advice on how to
setup another username and password on an already existing htpasswd.

Thanks

Andrew

by **Alex Brow** » Sat, 08 Sep 2001 14:21:25

> Help,

> I've recently started using a apache server running on a linux box as a
> sort of test bed. The trouble is I can figure out how to create the
> passwords for the htpasswd files. I've tried the htpasswd perl script, but
> this doesn't seem to create passwords of the right encryption type. Could
> some one please help me with a little plain easy to follow advice on how to
> setup another username and password on an already existing htpasswd.

look at the htpasswd stuff on the Apache site or use a great new tool
called "a search engine"

Alex

by **mike gardne** » Sat, 08 Sep 2001 17:48:04

> I've recently started using a apache server running on a linux box as a
> sort of test bed. The trouble is I can figure out how to create the
> passwords for the htpasswd files. I've tried the htpasswd perl script, but
> this doesn't seem to create passwords of the right encryption type. Could
> some one please help me with a little plain easy to follow advice on how to
> setup another username and password on an already existing htpasswd.

Apache week have a gentle introduction to user authentication at:
http://www.apacheweek.com/features/userauth

Once you've created your htpasswd file with one username (htpasswd -c
/path/to/my/.htpasswd username) you just add more users with htpasswd without
the -c flag (htpasswd /path/to/my/.htpasswd username2).

cheers,
mike

by **David Efflan** » Sat, 08 Sep 2001 21:57:13

> Help,

> I've recently started using a apache server running on a linux box as a
> sort of test bed. The trouble is I can figure out how to create the
> passwords for the htpasswd files. I've tried the htpasswd perl script, but
> this doesn't seem to create passwords of the right encryption type. Could
> some one please help me with a little plain easy to follow advice on how to
> setup another username and password on an already existing htpasswd.

On most Unix boxes the Perl crypt() would use the system crypt() and so
would apache. But you cannot use DES passwords if the system uses MD5 and
vice versa. An htpasswd file is a simple list of colon separated
(anything after optional 2nd colon ignored):

username:crypted_passwd
or
username:crypted_passwd:comment_or_other_ignored_data

But if your webserver is a Windows box, it might not have a system crypt()
and you likely have to use the htpasswd program that comes with apache.
Or I heard that some Windows might use plain text passwords.

If you are on a Cobalt server, read recent news postings from the past
week or do a news search about "Cobalt htpasswd". It seems to use system
passwords by default instead of your own htpasswd.

--
David Efflandt - All spam is ignored - http://www.de-srv.com/
http://www.autox.chicago.il.us/ http://www.berniesfloral.net/
http://cgi-help.virtualave.net/ http://hammer.prohosting.com/~cgi-wiz/

by **Greg Scharlema** » Tue, 11 Sep 2001 16:25:31

I set up a .htaccess file in a a directory say: /www/protected
It works fine. The problem comes when I try to access
/www/protected/one
I get a forbidden page, you do not have access to /www/protected/one
on this server. Can anyone tell me why this is. I thought I would have
access to the subdirectories of the protected directory with no
problem.

Thanks

by **David Efflan** » Wed, 12 Sep 2001 09:46:04

Quote:> I set up a .htaccess file in a a directory say: /www/protected
> It works fine. The problem comes when I try to access
> /www/protected/one
> I get a forbidden page, you do not have access to /www/protected/one
> on this server. Can anyone tell me why this is. I thought I would have
> access to the subdirectories of the protected directory with no
> problem.

.htaccess applies to the directory it is in and any subdirectories unless
you change that with an .htaccess in a subdir.

What are system file permissions of 'protected' and 'one'? Unless it is
CGI under suexec, all directories in the full system path typically need
at least 701 permission (unless owned by the user and group that apache
is running as).

--
David Efflandt - All spam is ignored - http://www.de-srv.com/
http://www.autox.chicago.il.us/ http://www.berniesfloral.net/
http://cgi-help.virtualave.net/ http://hammer.prohosting.com/~cgi-wiz/

by **Greg Scharlema** » Wed, 12 Sep 2001 16:44:58

> > I set up a .htaccess file in a a directory say: /www/protected
> > It works fine. The problem comes when I try to access
> > /www/protected/one
> > I get a forbidden page, you do not have access to /www/protected/one
> > on this server. Can anyone tell me why this is. I thought I would have
> > access to the subdirectories of the protected directory with no
> > problem.

> .htaccess applies to the directory it is in and any subdirectories unless
> you change that with an .htaccess in a subdir.

> What are system file permissions of 'protected' and 'one'? Unless it is
> CGI under suexec, all directories in the full system path typically need
> at least 701 permission (unless owned by the user and group that apache
> is running as).

I made sure that 'protected' and 'one' both were readable and
executable by everyone.

Do I need to have a second .htaccess file within the 'one' that
specifies that access should be granted without a username and
password? If so what does the .htaccess file in the subdir look like?

Thanks, Greg