Problem: user authentication in Apache

Problem: user authentication in Apache

Post by st.. » Thu, 18 Jan 1996 04:00:00



My problem: I'm running Apache 1.0 (on a Linux box with kernel 1.2.13)
and I want to do user authentication for one directory. I consulted
the apache server documentation, which I found not extremely helpful.
So I studied the tutorial for NCSA. It all seems not very difficult -
it just doesn't work with my setup. I always get a 'User authentication
failed' message (I created several users with htpasswd and I'm SURE
that I didn't forget ALL the passwords...).
Somebody mentioned that the password encryption of htpasswd was identical
with the stystem's password encryption (in /etc/passwd). But when I
compared a system and htpasswd user with the same password the encryption
was different.
Does user authentication in Apache really work the same way as in NCSA?
HOW DOES IT WORK? Any helpful suggestions will be highly appreciated!

Thanks in advance
Michael Stopp

 
 
 

Problem: user authentication in Apache

Post by David D Kilz » Fri, 19 Jan 1996 04:00:00



>My problem: I'm running Apache 1.0 (on a Linux box with kernel 1.2.13)
>and I want to do user authentication for one directory. I consulted
>the apache server documentation, which I found not extremely helpful.
>So I studied the tutorial for NCSA. It all seems not very difficult -
>it just doesn't work with my setup. I always get a 'User authentication
>failed' message (I created several users with htpasswd and I'm SURE
>that I didn't forget ALL the passwords...).

Did you put all the authetication stuff in your access.conf file?
If so, did you stop the web server and restart it (so it would load the
new authentication software)?

Did you put it in a .htaccess file in the directory?  If so, did you
configure that directory in access.conf to allow authentication
overrides?

Did you use the DBM utilities or the flat-file password file?  Did you
use the correct Auth... keywords when defining the authentication in
your .htaccess or access.conf file (i.e. use the dbmmange program with
Auth...DBM, or htpasswd with Auth..., and not vice-versa)?

Quote:>Somebody mentioned that the password encryption of htpasswd was identical
>with the stystem's password encryption (in /etc/passwd). But when I
>compared a system and htpasswd user with the same password the encryption
>was different.

That was probably a difference in the ``salt'' used.  (A two-byte
quantity called ``salt'' is added to the crypt() function when a
password is encrypted so that if two users have the same password on the
same system, they must also have the exact same salt to have the same
encrypted password string.

Quote:>Does user authentication in Apache really work the same way as in NCSA?
>HOW DOES IT WORK? Any helpful suggestions will be highly appreciated!

Dave
--
David D. Kilzer               \         ``I do not fear computers.

Computer Engineer 5           \  
Iowa State University, Ames   /               -- Isaac Asimov

 
 
 

1. Problem: user authentication in Apache II

How does user authentication work in Apache ?

--
                Jean-Sebastien Fouillade
                Orb Weavers, Inc.

--------------------------------------------------------

URL    : http://www.orbweavers.com/
         http://www.orbweavers.com/ULTIMATE/
--------------------------------------------------------

2. Apparent sound IRQ conflict

3. Apache user authentication problem

4. Help! Fresh install problem - NO CDROM boot

5. Apache-User Authentication Problem!

6. How to get the 3c509.c device driver into the kernel?

7. Apache User/Password Authentication with proxy and SSL enabled problem

8. help - lilo warning cause boot errors

9. Apache 1.3.6: User authentication againt NT domain?

10. User Authentication with Apache Server and PostgreSQL

11. Apache user authentication

12. User Authentication with Apache 1.0.3 (soon 1.1.1)

13. Apache module for mSQL user authentication