ok, I'm probably being overly dense here, but ...
How does the httpd "authenticate" option work? from httpd.conf(5):
[no] authenticate [realm] with htpasswd
Authenticate a remote user for realm by checking the credentials
against the user authentication file htpasswd. The file name is
relative to the chroot and must be readable by the www user. Use
the no authenticate directive to disable authentication in a
location.
what's "realm"? It shows up twice in the man page, both times in that
paragraph. Googling was not overly productive due to that other web
server that also uses the file name "httpd.conf" and htpasswd. :-/
What I'm trying to do is have one user/pw protected directory on a web
server. Most of the server is open to all (and of interest to very
few), but this one directory should be letting basically no one in
without authentication.
Adding
authenticate with "/htpasswd"
to the server section works to protect the entire page (expected that --
though the error handling here isn't my favorite -- produces "syntax
error" when "/htpasswd" exists but is not readable by web server user).
Adding it to a "location" section like this:
server "njh.example.com" {
listen on $ext_addr port 80
root "/njh.example.com"
location "/*" {
directory auto index
log style combined
}
location "/priv/*" {
authenticate with "/htpasswd"
}
}
seems to be a "no op" -- never seems to prompt for the uid/pw.
I'm sure whatever I'm missing is stupidly simple, but not sure what it
is ...
Nick.
