.htaccess never matches the password is correct, when password is correct

would folks tell me why my httpd.conf setting is wrong with the

authentication ?

( .htaccess and .htpasswd) even correct password
entered, it does not allow me to go into it.

This is apache 3.12 I think (from Linux Redhat 7.0)



I have took away the virtual hosting directives.





Help me please!!


Point to me which part is wrong!!!!
then tell me how it is corrected. use a lot of "####correction here### " to indicated the corrections.Since I have cut down the nos of word in this post. If u have a problem in reading my conf file, please let me know.


jennifer.


##
## httpd.conf -- Apache HTTP server configuration file
##



# ServerAdmin: Your address, where problems with the server should be
# e-mailed. This address appears on some server-generated pages, such
# as error documents.
#
ServerAdmin worldtouch@mailme.com
########## 26th April 2001 root@localhost

#
# ServerName: allows you to set a host name which is sent back to clients for
# your server if it's different than the one the program would get (i.e., use
# "www" instead of the host's real name).
#
# Note: You cannot just invent host names and hope they work. The name you
# define here must be a valid DNS name for your host. If you don't understand
# this, ask your network administrator.
# If your host doesn't have a registered DNS name, enter its IP address here.
# You will have to access it by its address (e.g., http://123.45.67.89/)
# anyway, and this will make redirections work in a sensible way.
#
#ServerName localhost

#
# DocumentRoot: The directory out of which you will serve your
# documents. By default, all requests are taken from this directory, but
# symbolic links and aliases may be used to point to other locations.
#
DocumentRoot "/var/www/html"
########### 25th April added db as document


#
# Each directory to which Apache has access, can be configured with respect
# to which services and features are allowed and/or disabled in that
# directory (and its subdirectories).
#
# First, we configure the "default" to be a very restrictive set of
# permissions.
#
<Directory />
Options FollowSymLinks
### AllowOverride None
######### 27th APril 2001 None ----> ALL
AllowOverride All
</Directory>

#
# Note that from this point forward you must specifically allow
# particular features to be enabled - so if something's not working as
# you might expect, make sure that you have specifically enabled it
# below.
#

#
# This should be changed to whatever you set DocumentRoot to.
#
<Directory "/var/www/html">

#
# This may also be "None", "All", or any combination of "Indexes",
# "Includes", "FollowSymLinks", "ExecCGI", or "MultiViews".
#
# Note that "MultiViews" must be named *explicitly* --- "Options All"
# doesn't give it to you.
#
Options Indexes Includes FollowSymLinks

#
# This controls which options the .htaccess files in directories can
# override. Can also be "All", or any combination of "Options", "FileInfo",
# "AuthConfig", and "Limit"
#
## ---- original AllowOverride None

##### added this line
AllowOverride All

#
# Controls who can get stuff from this server.
#
Order allow,deny
Allow from all
</Directory>

#
# UserDir: The name of the directory which is appended onto a user's home
# directory if a ~user request is received.
#
UserDir public_html

#
# Control access to UserDir directories. The following is an example
# for a site where these directories are restricted to read-only.
#
#######26th April un-rem the following section

#<Directory /home/*/public_html>
<Directory /var/www/html>
AllowOverride FileInfo AuthConfig Limit
Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
<Limit GET POST OPTIONS PROPFIND>
Order allow,deny

Allow from all

</Limit>
<Limit PUT DELETE PATCH PROPPATCH MKCOL COPY MOVE LOCK UNLOCK>
Order deny,allow
Deny from all
</Limit>
</Directory>

#
# DirectoryIndex: Name of the file or files to use as a pre-written HTML
# directory index. Separate multiple entries with spaces.
#
DirectoryIndex index.html index.htm index.shtml index.php index.php4 index.php3 index.cgi

#
# AccessFileName: The name of the file to look for in each directory
# for access control information.
#
AccessFileName .htaccess

#
# The following lines prevent .htaccess files from being viewed by
# Web clients. Since .htaccess files often contain authorization
# information, access is disallowed for security reasons. Comment
# these lines out if you want Web visitors to see the contents of
# .htaccess files. If you change the AccessFileName directive above,
# be sure to make the corresponding changes here.
#
# Also, folks tend to use names such as .htpasswd for password
# files, so this will protect those as well.
#
<Files ~ "^\.ht">

Order allow,deny

######--- original allow,deny
#######----- 26th April 2001 original Deny from all
deny from all

</Files>

>> even correct password entered, it does not allow me to go into it.

This has nothing to do with Apache at all. Your portion of httpd.conf looks fine except some insecure setting.

Your problem probably because your .htpasswd format is incorrect. Check and see if there is a trailing ^M at the end of each line. cat .htpasswd can't see ^M, use view .htpasswd. If that is not the case, how to encrypted the passwords? If you get the dialog prompt for entering password but unable to login, .htpasswd is your only problem.

still the same , I used ./htpasswd .htpasswd name


I examin the .htpasswd file with view and then execute the above stmt again.
It does not work "match" when my password is correctly entered.


What is the weakness of httpd.conf setting, would U please tell me?


jennifer.

Did you use an absolute path for your .htpasswd in your .htaccess? Can i have a look into both files?

More than likely (95%), it's the format of your .htpasswd that's incorrect. Now can you tell me a username and a password? Let me give you the encryted value, then you go and try it.

>> Did you use an absolute path for your .htpasswd in your .htaccess?

Yes, make sure that's the full server path to .htpasswd, not relative path. The thing is, if you misconfigured httpd.conf, you wouldn't even get the login prompt at all. If you didn't specified the full path to .htpasswd, the dialog will prompt, but unable locate your .htpasswd file, therefore returning a password incorrect error. Normally, the trailing ^M is causing this kind or problem though.

I copy htpasswd binary into /home/jenny/apache from /etc

I go to apache under jenny directory,

then I issued


./htpasswd .htpasswd jenny

# new password
# again....

I did the same thing over in Solaris 8 IA, it works ok for six months at least.


jenny.

>> I copy htpasswd binary into /home/jenny/apache from /etc

Why??? You should never copy or move any binary file out of its location in the first place.

>> then I issued

Why can't you run /etc/htpasswd htpasswd jenny instead?

Now give me your password (make it up).

I though I have the answer, I discovered the .htaccess is in dos format, I convert .htaccess from dos format to unix format and retry again.


# cd /home/jenny/apache

/usr/bin/htpasswd .htpasswd jenny

new password [ a] just a
again [ a]


no luck, I type [a] -just a but it wont let me through, and I have not reboot everything.


why it still does not work , it must the httpd.conf is wrong.


JENNY.




---- my .htaccess ------

AuthName "Webpage is under development March 2001 "

AuthType Basic
AuthUserFile /home/jenny/apache/.htpasswd
<LIMIT GET POST>
#require valid-reader
require user shirley jenny karen
</LIMIT>
~

Do you run on windows? If you do, then don't use the encrypted password. Just write your password plain out. If you run on linux, thats a diff. story.

I know freebsd mentioned this earlier but I think that you should reexamine your files for ^M. You said that your file was in DOS format, so I think a double check may be a good idea. You can edit the ^M out of the files with ...

vim -b FILENAME

or at least that was how I did it.

I have "view" and vim that you have told me to do...
it is not in dos format after I have the same one from other directory and when Vi it , it is in unix format for both .htaccess and .htpasswd files.

vim -b ( binary)




Jenny

If you insist it wasn't the format problem, then it should be permission or path problem. Make sure your path to .htpasswd is searchable by Apache user. Start here -> http://forums.devshed.com/showthrea...6492&forumid=15

would u please check the encryption of "a" in your .htpasswd file?
see if the the same as below????
I used ./htpasswd .htpasswd jenny


uFWjvligoOg36


I have read through rwx (757) ..... and check out my target directory and let concentrate on the directory say "hotels".

jenny ( owner) jenny ( group)

I change group to "noboby" with root account. It does not works. I watch very carefully with .htaccess and it is in unix format.


does "a" after encryption is uFWjvligoOg36?????




let's go step by step and one thing at a time???? we shall solve this!!!!

everybody knows my problem now and many suggestions & your effort is appreciated!!!

jenny.

I did not wish to give up on this topic

I used a php program to block them.

enough detailswill be provided here to ask for help from the Deshed community.

to Freebsd, you are saying:
uFWjvligoOg36 worked fine for me. Keep in mind, there is no fixed salt substring, every system may vary.

"salt"- is it meaning "seed" the seed of random no. generator???
do not understand what is salt mean!!!!!!!
It refers "a string" xor with the "target sting-password" and resultant is stored in the .htpasswd. I guess this.


If you still want me to continue that thread, please post more details like: YES , I need your help and other people. We support
each other. people helping people.

1) The output of ls -Al for /home, /home/jenny, /home/jenny/apache...and path to your .htpasswd


$ls -Al what do u need to see?

2) The real URL (no example) to your protected directory

/var/www/html/..... subdirectory
3) System path to .htaccess


AuthName "Webpage is under development March 2001 "

AuthType Basic
AuthUserFile /home/jenny/apache/.htpasswd
<LIMIT GET POST>
#require valid-reader
require user shirley jenny karen
</LIMIT>





4) Full path of your docroot [ to the web-page]

/var/www/html...

not sure about what u asking for your 4 questions.

jenny.