Mike Dewhirst wrote:
Boyle Owen wrote:
-----Original Message-----
From: Mike Dewhirst [mailto:[EMAIL PROTECTED]
<snip>
Some people are convinced the Earth is flat but that don't make it so
:-) By far the most likely reason for your problem still is that
apache is misconfigured.
You are still right and I am up a gum tree.
I can edit my Basic Auth entry realm and see it change in the userid
dialog in the browser so I at least know SuSE Linux 9.1, Apache 2.0.53
is reading what I write. However none of my password attempts work. I
even started a spurious thread (sorry!) before checking the error_log.
httpd -t returns Syntax OK
Here are some relevant error_log entries ...
[Thu Nov 17 11:02:37 2005] [error] [client 192.168.0.29] Could not fetch resource information. [301, #0]
[Thu Nov 17 11:02:37 2005] [error] [client 192.168.0.29] (84)Invalid or incomplete multibyte or wide character: Requests for a collection must have a trailing slash on the URI. [301, #0]
This was another machine which I used to access one of the subversion
repositories successfully. I didn't know it produced these errors until
I checked for the basic auth errors below!
<error_log>
[Thu Nov 17 11:14:27 2005] [error] [client 192.168.0.38] (2)No such file or directory: Could not open password file: /svr/www/data/pwl/academics/memb
[Thu Nov 17 11:14:27 2005] [error] [client 192.168.0.38] user miked not found: /auth/mcfs/
</error_log>
That /svr/www/data/pwl/academics/memb password file definitely exists
and all the permissions are OK (775) and owner of every directory in
that path and the memb file itself is wwwrun.www
The Basic Auth config is as follows ...
#
<IfModule mod_alias.c>
Alias /auth/mcfs /srv/www/htdocs/auth/mcfs
</IfModule>
#
<Directory /srv/www/htdocs/auth/mcfs>
Order allow,deny
Allow from all
</Directory>
#
<Location /auth/mcfs>
AuthType Basic
AuthName "Academics"
AuthUserFile /svr/www/data/pwl/academics/memb
Require valid-user
</Location>
#
Here are the modules apache loads from
/etc/apache2/sysconfig.d/loadmodule.conf ...
#
# Files in this directory are created at apache start time by /usr/sbin/rcapache2.
# Do not edit them!
#
# as listed in APACHE_MODULES (/etc/sysconfig/apache2)
LoadModule access_module /usr/lib/apache2-prefork/mod_access.so
LoadModule actions_module /usr/lib/apache2-prefork/mod_actions.so
LoadModule alias_module /usr/lib/apache2-prefork/mod_alias.so
LoadModule asis_module /usr/lib/apache2-prefork/mod_asis.so
LoadModule auth_module /usr/lib/apache2-prefork/mod_auth.so
LoadModule autoindex_module /usr/lib/apache2-prefork/mod_autoindex.so
LoadModule cgi_module /usr/lib/apache2-prefork/mod_cgi.so
LoadModule dav_module /usr/lib/apache2-prefork/mod_dav.so
LoadModule dav_svn_module /usr/lib/apache2/mod_dav_svn.so
LoadModule authz_svn_module /usr/lib/apache2/mod_authz_svn.so
LoadModule dir_module /usr/lib/apache2-prefork/mod_dir.so
LoadModule env_module /usr/lib/apache2-prefork/mod_env.so
LoadModule imap_module /usr/lib/apache2-prefork/mod_imap.so
LoadModule include_module /usr/lib/apache2-prefork/mod_include.so
LoadModule log_config_module /usr/lib/apache2-prefork/mod_log_config.so
LoadModule mime_module /usr/lib/apache2-prefork/mod_mime.so
LoadModule negotiation_module /usr/lib/apache2-prefork/mod_negotiation.so
LoadModule setenvif_module /usr/lib/apache2-prefork/mod_setenvif.so
LoadModule status_module /usr/lib/apache2-prefork/mod_status.so
#
As previously indicated, subversion is working perfectly with this
configuration. It calls for a Basic Auth userid and password which work
fine and generously let me see the contents of the repositories despite
the errors shown in the log. However, as you can see, passwords are
stored elsewhere. Here is the working subversion.conf ...
# subversion
# see /usr/share/doc/packages/subversion for the full documentation
#
<IfModule mod_dav_svn.c>
<IfModule mod_alias.c>
Alias /repos /srv/svn/html
</IfModule>
#
<Directory /srv/svn/html>
Options Indexes +Multiviews -FollowSymLinks
IndexOptions FancyIndexing \
ScanHTMLTitles \
NameWidth=* \
DescriptionWidth=* \
SuppressLastModified \
SuppressSize
Order allow,deny
Allow from all
</Directory>
#
<Location /repos>
DAV svn
SVNParentPath /srv/svn/repos
# Require SSL connection for password protection.
# SSLRequireSSL
AuthType Basic
AuthName "repositories"
AuthUserFile /srv/svn/user_access/auth-file
AuthzSVNAccessFile /srv/svn/user_access/access-policy
Require valid-user
</Location>
</IfModule>
#
I really appreciate your help.
Thanks
Mike
I have a couple of points you might like to consider:
1) Your config structure is complicated (/etc/Apache2/httpd.conf
includes /etc/Apache2/default_server.conf and
/etc/Apache2/conf.d/basic_auth.conf... I think?). There's nothing
wrong in principle with using Include but it does lead to complicated
configs where the order and positioning of the Include statements
becomes vitally important. Your "directive having no effect" problem
is typical of a misconfiguration in such a set up. As an exercise,
open up a copy of the main config file in an editor and then, using
cut'n'paste, replace the Includes with the actual contents of the
subsidiary config files. This will produce a single, flat config which
is what apache sees. Read that - does it seem to make sense?
Having said that, I believe you have moved the Auth directives into
the main config and they are still apparently ignored.
2) You are still a bit ambiguous about how apache is started... I get
the impression that you routinely start it using "apache2ctl start".
But when you test it to see if the syntax error is reported, you use
"./httpd". Look inside apache2ctl (it is just a shell script) - does
it have a "-f" argument to "httpd"? If so, this is the config file
apache uses. When you start with "./httpd" on the command line, apache
uses a compiled-in path to the config file. To see this, do "./httpd
-V" and check the lines "HTTPD_ROOT" and "SERVER_CONFIG_FILE". Is this
the same as in "apache2ctl"?
3) Could it be that there are two virtual hosts leading to the same
content? Eg, if you set up VH1 and VH2 with the same (or overlapping)
docroots and then put all your Auth directives under VH2, they would
be ignored if the URL actually led to the content via VH1. This could
happen if you screwed up the ServerName in VH2 (because then, apache
serves any unidentified request from VH1 by default)...
4) Do you have a "Satisfy Any" directive anywhere in any config file?
You stated earlier that you didn't understand this directive so it
shouldn't be in use anywhere. If it is, you realise that it switches
off password challenges from "Allowed" users...
I can get it to request a userid and password with AllowOverride
AuthConfig and using a .htaccess file.
This is a definite indication that apache is either not reading the
file containing these directives or the directory block containing
them is not being read when parsing the request (ie, the request is
going through a different VH).
As a final thought, just to convince yourself that apache does work as
advertised, make a little hello_world website. Just one file
(index.html) containing "hello world" in one dir (eg
/tmp/hello_world). Config file:
/tmp/hw.conf contains:
DocumentRoot /tmp/hello_world
<Directory /tmp/hello_world>
Allow from all
</Directory>
(leave everything else as default)
and start it with:
./httpd -f /tmp/hw.conf
Test it (http://localhost/)
Now add the Auth directives to the Directory block above. Does it work
now?
Rgds,
Owen Boyle
Disclaimer: Any disclaimer attached to this message may be ignored.
Which brings me to a followup question ...
It doesn't like the passwords in the password file. They work fine
under Apache 1.3 on my ISP's Linux server. I used htpasswd to create
the passwords.
Is there a way to force Apache2 to use DES or whatever Apache 1.3 is
comfortable with?
Thanks for being there
Mike
Mike Dewhirst wrote:
Joshua Slive wrote:
On 11/12/05, Mike Dewhirst <[EMAIL PROTECTED]> wrote:
Does apache2ctl confirm that httpd actually reads that
file on startup?
Depends on how httpd normally gets started. If it is started using
apache2ctl, then that is a good indication.
OK - on investigation it ain't apachectl. It is httpd. I ran httpd -t
and it complained about FooBar Nonsense too.
So - we are definitely reading the conf files. That means ...
1. I'm not reaching the right directory - Yes I am. 100% sure.
2. Some sort of caching? 100% no way. I've tried four different browsers
on three different machines.
3. Apache is reading the conf but ignoring the directive for some reason
What else do I need for Basic Auth to work?
As it happens, I have subversion running via apache on that machine and
when I access it from a foreign machine it asks me to authenticate. I
have copied subversion.conf below. Maybe I should copy that?
Modules? I deleted all files in /etc/apache2/sysconfig.d and restarted
the computer whereupon we got a brand-new loadmodule.conf ...
#
# Files in this directory are created at apache start time by /usr/sbin/rcapache2.
# Do not edit them!
#
# as listed in APACHE_MODULES (/etc/sysconfig/apache2)
LoadModule access_module /usr/lib/apache2-prefork/mod_access.so
LoadModule actions_module /usr/lib/apache2-prefork/mod_actions.so
LoadModule alias_module /usr/lib/apache2-prefork/mod_alias.so
LoadModule asis_module /usr/lib/apache2-prefork/mod_asis.so
LoadModule auth_module /usr/lib/apache2-prefork/mod_auth.so
LoadModule autoindex_module /usr/lib/apache2-prefork/mod_autoindex.so
LoadModule cgi_module /usr/lib/apache2-prefork/mod_cgi.so
LoadModule dav_module /usr/lib/apache2-prefork/mod_dav.so
LoadModule dav_svn_module /usr/lib/apache2/mod_dav_svn.so
LoadModule authz_svn_module /usr/lib/apache2/mod_authz_svn.so
LoadModule dir_module /usr/lib/apache2-prefork/mod_dir.so
LoadModule env_module /usr/lib/apache2-prefork/mod_env.so
LoadModule imap_module /usr/lib/apache2-prefork/mod_imap.so
LoadModule include_module /usr/lib/apache2-prefork/mod_include.so
LoadModule log_config_module /usr/lib/apache2-prefork/mod_log_config.so
LoadModule mime_module /usr/lib/apache2-prefork/mod_mime.so
LoadModule negotiation_module /usr/lib/apache2-prefork/mod_negotiation.so
LoadModule setenvif_module /usr/lib/apache2-prefork/mod_setenvif.so
#
Here is /etc/apache2/conf.d/subversion.conf
# see /usr/share/doc/packages/subversion for the full documentation
#
<IfModule mod_dav_svn.c>
##
## project related HTML files
##
<IfModule mod_alias.c>
Alias /repos /srv/svn/html
</IfModule>
<Directory /srv/svn/html>
Options Indexes +Multiviews -FollowSymLinks
IndexOptions FancyIndexing \
ScanHTMLTitles \
NameWidth=* \
DescriptionWidth=* \
SuppressLastModified \
SuppressSize
order allow,deny
allow from all
</Directory>
<Location /repos>
DAV svn
SVNParentPath /srv/svn/repos
AuthzSVNAccessFile /srv/svn/user_access/access-policy
#<moved from LimitExcept>
# how to authenticate users
AuthType Basic
AuthName "repositories"
AuthUserFile /srv/svn/user_access/auth-file
Require valid-user
#</moved from LimitExcept>
# move 'Require valid-user' to here
# to provide public read only access
# and require a valid user for GET etc below
<LimitExcept GET PROPFIND OPTIONS REPORT>
#
</LimitExcept>
</Location>
</IfModule>
Joshua.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server
Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
" from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
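
Three of the checks raised in this thread can be scripted: whether the AuthUserFile path named in the error_log resolves, whether a "Satisfy Any" is present, and whether Basic auth is configured without SSLRequireSSL. This is an added example, not part of the original messages; audit_auth, first_missing and the sample (with a Satisfy Any line added here) are constructed for illustration, and it assumes absolute paths and un-nested Location/Directory blocks.

```python
import os
import re

# Constructed sample: the Basic Auth block quoted in the thread, plus a
# "Satisfy Any" line added here so that check has something to report.
SAMPLE_CONF = """\
<Location /auth/mcfs>
AuthType Basic
AuthName "Academics"
AuthUserFile /svr/www/data/pwl/academics/memb
Require valid-user
Satisfy Any
</Location>
"""

def first_missing(path, exists=os.path.exists):
    """Return the shortest prefix of an absolute path that does not exist."""
    prefix = "/"
    for part in path.strip("/").split("/"):
        prefix = os.path.join(prefix, part)
        if not exists(prefix):
            return prefix
    return None

def audit_auth(conf_text, exists=os.path.exists):
    """Return (container, finding) tuples for each auth-protected block."""
    findings, name, seen = [], "server config", {}
    def close():
        # Evaluate the directives collected for the block that just ended.
        missing = seen.get("authuserfile") and first_missing(seen["authuserfile"], exists)
        if missing:
            findings.append((name, "AuthUserFile path breaks at " + missing))
        if seen.get("satisfy", "").lower() == "any":
            findings.append((name, "Satisfy Any: allowed hosts skip the password"))
        if seen.get("authtype", "").lower() == "basic" and "sslrequiressl" not in seen:
            findings.append((name, "Basic auth without SSLRequireSSL in this block"))
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = re.match(r"<(/?)(Location|Directory)\b\s*([^>]*)>", line, re.I)
        if m:  # block boundary: report on the scope being left, start a new one
            close()
            name = "server config" if m.group(1) else m.group(2) + " " + m.group(3).strip()
            seen = {}
        elif not line.startswith("<"):  # plain directive; other containers are skipped
            key, _, value = line.partition(" ")
            seen[key.lower()] = value.strip().strip('"')
    close()
    return findings
```

Run it on the flattened config (Includes pasted inline, as suggested in point 1) so every block is seen in the order apache reads it.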