apache2 digest authentication

Here is my site file on Ubuntu server 11.10:

<IfModule mod_ssl.c>
<VirtualHost *:443> ServerAdmin webmaster@localhost DocumentRoot /var/www/mydir ServerAlias *.mydomain.no-ip.info <Directory /> Options FollowSymLinks AllowOverride None </Directory> <Directory /var/www/mydir> Options Indexes FollowSymLinks MultiViews AllowOverride None Order allow,deny allow from all </Directory> ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/ <Directory "/usr/lib/cgi-bin"> AllowOverride None Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch Order allow,deny Allow from all </Directory> ErrorLog ${APACHE_LOG_DIR}/error.log # Possible values include: debug, info, notice, warn, error, crit, # alert, emerg. LogLevel warn CustomLog ${APACHE_LOG_DIR}/ssl_access.log combined Alias /doc/ "/usr/share/doc/" <Directory "/usr/share/doc/"> Options Indexes MultiViews FollowSymLinks AllowOverride None Order deny,allow Deny from all Allow from 127.0.0.0/255.0.0.0 ::1/128 </Directory> # SSL Engine Switch: # Enable/Disable SSL for this virtual host. SSLEngine on # A self-signed (snakeoil) certificate can be created by installing # the ssl-cert package. See # /usr/share/doc/apache2.2-common/README.Debian.gz for more info. # If both key and certificate are stored in the same file, only the # SSLCertificateFile directive is needed. SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key </VirtualHost> </IfModule>

Now I wanted authorized access to directory:

/var/www/mydir/private

I created the digest file like this:

sudo htdigest -c /etc/apache2/digest_auth users enedene

So I added the following before the <\Virtualhost>:

<Directory "/var/www/mydir/private/"> AuthType Digest AuthName "Private" AuthDigestProvider file AuthUserFile /etc/apache2/digest_auth Require enedene
</Directory>

I restarted the web server and when I go to link:

I get prompted with a username and password as I wanted, but the problem is that it doesn't except the user/password that I've created, it just continuously denies and prompts again, as if the username/password combination is wrong.
What is wrong with my setup?

EDIT:
Here is what /var/log/apache2/error.log says:

[Wed Dec 07 18:00:47 2011] [error] [client 188.129.120.255] File does not exist: /var/www/mydir/favicon.ico
[Wed Dec 07 18:01:07 2011] [error] [client 188.129.120.255] Digest: user `enedene' in realm `Private' not found: /private

The first line is when I connect to site, but the site works, the second line is when I try to access the /var/www/mydir/private dir, authentication comes to browser but I can't get in.

EDIT 2:
After changing AuthName to "users" new error:

[Wed Dec 07 18:07:59 2011] [error] [client 188.129.120.255] access to /private failed, reason: require directives present and no Authoritative handler.

2 Answers

I believe since your realm is users then your AuthName directive should be "users"

Instead of AuthNmae "Private" try, AuthName "users" restart apache with;

sudo service apache2 reload

2

After AuthUserFile, add this:

AuthGroupFile /dev/null

Does this help after restarting Apache? If not, what does ${APACHE_LOG_DIR}/error.log have to say when authentication fails?

1

Your Answer

Sign up or log in

Sign up using Google Sign up using Facebook Sign up using Email and Password

Post as a guest

By clicking “Post Your Answer”, you agree to our terms of service, privacy policy and cookie policy

You Might Also Like