.htaccess never matches the password, when password is correct

greeting and everybody in this email.

I have similar problem with redhat 7.0 and apache 1.3.12 and I am using
virtual host. ( In solaris 8 intel, my setting with .htaccess apache 1.39
is simple and working perfectly).


In the deja.com , there is a thread talking about "step"

which I have following very closely and it asked me to enter the login name
and passwd and it never able to login since matching was not correct.


I tried a few method and I still can't figure out why. this is SOS letter.
my method:

a. change the title of login screen so that it is read the correct .htaccess
file, it reacts correctly.
b. change the file .htpasswd which store my encrypted passwd in different
file.
c. enter simple passwd such as "a" and it never match anything at all.

I have gone through the faq especially with htaccess, they mentioned
directives with AllowOverride None to ALL , which I have made modification
accordingly and there is two stmts found in the httpd.conf ( more than
1100 stmt).

vi httpd.conf :500 and move the cursor up a bit.


I exhausted my method. IS there a way to submit "BuG" to apache.org and let
them know about our difficult? I tried to work this out very very last
night.

see attachment
thanks
jenny

>> they mentioned directives with AllowOverride None to ALL

This enables .htaccess and allow AuthConfig to be overridden by .htaccess and this is just the very first step. You got login prompt so the problem was something else.

Next, how do you encrypt the passwords? Are you using htpasswd that came with Apache? Make sure there is no ^M at the end of each line in your .htpasswd file.

Anyhow, show us your .htaccess and .htpasswd.

>> IS there a way to submit "BuG" to apache.org

DON'T EVEN ATTEMPT TO DO IT!. Your message will be sent to /dev/null anyway.

do not understand your "first stmt of explanation"


.htaccess=====

AuthName "Testing Webpage is under development March 2001 "

AuthType Basic
AuthUserFile /xxxyyyy/aaabbb/apache/.htpasswd
<LIMIT GET POST>

require user jenny
</LIMIT>

I use htpasswd from Linux rh 7.0
=======
./htpasswd -c /xxxyyyy/aaabbb/apache/.htpasswd jenny

no ^M was found.

I used .htaccess in Solaris 8 before


~

Your .htaccess looks fine. The problem might be Apache unable to locate your .htpasswd file.

The path -> /xxxyyyy/aaabbb/apache/.htpasswd:

1) Is this path to .htpasswd correct?

2) Is it a symlink?
Say /xxxyy dir is a symlink of /usr/local/www/vhost/yourdomain.com, you must enable the options FollowSymLinks in order for Apache to locate your .htpasswd file.

Start here -> http://httpd.apache.org/docs/mod/core.html#options

# This should be changed to whatever you set DocumentRoot to.
#
<Directory "/var/www/html">

#
# This may also be "None", "All", or any combination of "Indexes",
# "Includes", "FollowSymLinks", "ExecCGI", or "MultiViews".
#
# Note that "MultiViews" must be named *explicitly* --- "Options All"
# doesn't give it to you.
#
Options Indexes Includes FollowSymLinks

#
# This controls which options the .htaccess files in directories can
# override. Can also be "All", or any combination of "Options", "FileInfo",
# "AuthConfig", and "Limit"
#
## ---- original AllowOverride None

##### added this line
AllowOverride All

#
# Controls who can get stuff from this server.
#
Order allow,deny
Allow from all
</Directory>

#
# UserDir: The name of the directory which is appended onto a user's home
# directory if a ~user request is received.
#
UserDir public_html

#
# Control access to UserDir directories. The following is an example
# for a site where these directories are restricted to read-only.
#
#######26th April un-rem the following section

#<Directory /home/*/public_html>
<Directory /var/www/html>
AllowOverride FileInfo AuthConfig Limit
Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
<Limit GET POST OPTIONS PROPFIND>
Order allow,deny

Allow from all

</Limit>
<Limit PUT DELETE PATCH PROPPATCH MKCOL COPY MOVE LOCK UNLOCK>
Order deny,allow
Deny from all
</Limit>
</Directory>

#
# DirectoryIndex: Name of the file or files to use as a pre-written HTML
# directory index. Separate multiple entries with spaces.
#
DirectoryIndex index.html index.htm index.shtml index.php index.php4 index.php3 index.cgi

#
# AccessFileName: The name of the file to look for in each directory
# for access control information.
#
AccessFileName .htaccess

#
# The following lines prevent .htaccess files from being viewed by
# Web clients. Since .htaccess files often contain authorization
# information, access is disallowed for security reasons. Comment
# these lines out if you want Web visitors to see the contents of
# .htaccess files. If you change the AccessFileName directive above,
# be sure to make the corresponding changes here.
#
# Also, folks tend to use names such as .htpasswd for password
# files, so this will protect those as well.
#
<Files ~ "^\.ht">

Order allow,deny

######--- original allow,deny
#######----- 26th April 2001 original Deny from all
deny from all

</Files>

No, not that Directory block. Take a look at my previous example, the <Directory "/usr/local/www/vhost/yourdomain.com"> is the one that needed to set options FollowSymLinks or options All plus AllowOverride All. It would save us some time if you didn't use /xxxyyyy/aaabbb/apache/.htpasswd.

If you still don't understand FollowSymLinks, forget it for the moment and do the following instead:

- Relocate your .htpasswd to the same dir as .htaccess
- Alter your .htaccess to the new location of .htpasswd and try again

If this works, there is nothing wrong with the password. Otherwise, do what I told you in above to add a <Directory "/usr/local/www/vhost/yourdomain.com">

Or tell me the real (don't make up /xxxyyy/aaabbb) directory path to .htpasswd