Re: Web Auth.

Sun, 01 Jun 2003 10:33:39 -0700

Brent L. Cox wrote:
ok it does prompt now but when I enter the user ID and Password I ask for it again like it was incorrect and after 3 times I get auth. req.
I used this command to create mt .htpasswd file\

htpasswd -c .htpasswd blcox

this is my entry in the httpd.conf file

<Directory "/var/www/html">
     Options Indexes Includes FollowSymLinks
     AllowOverride All
     Order allow,deny
     Allow from all
</Directory>

and this is my .htaccess file


AuthType Basic
AuthName "Secure area"
AuthUserFile /home/blcox/.htpasswd
require valid-user


can someone please tell me what Iam doing wrong.

Thanks
Brent




On Sat, 31 May 2003 16:20:59 -0400
 Jason Staudenmayer <[EMAIL PROTECTED]> wrote:

Here's the httpd.conf
<Directory />
    Options FollowSymLinks
    AllowOverride None
</Directory>
<Directory "/var/www/html">
    Options Indexes Includes FollowSymLinks
    AllowOverride All
    Order allow,deny
    Allow from all
</Directory>

.htaccess
AuthType Basic
AuthName "Secure area"
AuthUserFile /somewhere/save/.htpasswd
require valid-user


AuthType Basic
AuthName "Secure area"
AuthUserFile /home/blcox/.htpasswd
require valid-user

Needs to go into a directory container. Say I wanted to protect all of /www/joseph-a-nagy-jr/ (where I keep all the files for http://joseph-a-nagy-jr.homelinux.org), I would make this entry into my vhost config file:

<Directory /www/joseph-a-nagy-jr/>
AuthType Basic
AuthName "Secure area"
AuthUserFile /home/blcox/.htpasswd
require valid-user
</Directory>

As a matter of fact, here is an example of an actual decleration I use to protect one of my live directories:

     <Directory "/www/joseph-a-nagy-jr/cgi-bin/awstats/">
        AuthType Basic
        AuthName "Administration Only"
        AuthUserFile /etc/httpd/conf/passwords/awstats-admin
        Require valid-user
     </Directory>

Of course I use a properly long password (32 characters including spaces, caps and punctuation). Of course I know a password is only as secure as the hacker attacking it is bad, so I made some entries in my awstats config file to only allow access from 192.168.1.1-192.168.1.255 ;)

"Security is only as good as the amount of precautions you take."
--
Wielder of the mighty +1 LARTsaber of Unsubscribe Instructions At End of Message,
the +3 Clue-by-Four of No Attachments to a Mailing List,
and the -4 Shield of No Spell Checker


--
redhat-list mailing list
unsubscribe mailto:[EMAIL PROTECTED]
https://www.redhat.com/mailman/listinfo/redhat-list

Reply via email to