According to Raymond J. Henry:
Anyone with Apache/SSL experience care to lend a helping hand?
I've got Apache compiled with mod_ssl, and it seems to be working fine. In fact, I know that part is working fine. Where my trouble lies is with forcing it to look look for the userID/password to access the directory.
Which, by the way, has nothing to do with the SSL support.
It allows any conenction to view the page, without prompting for userID/PW. httpd.conf points traffic for hermes.manitobamall.net to /www/htdocs/manitobamall/.
Looked around for everything I could find on the 'Net, and tried all variations of examples, still the same. ____________________
/www/htdocs/test/.htaccess:
AuthUserFile /www/pw/.file-password AuthGroupFile /dev/null
I think you can just leave out the AuthGroupFile directive if you're not actually specifying a group file.
AuthName "TestPage"
Set the AuthName directive to a name or string that will make sense in the userid/password prompt in the pop-up dialog box.
AuthType Basic
<Limit GET POST PUT> require user test </Limit>
We usually just specify the following...
require valid-user
... without using the Limit tags. This will allow any valid userid that's found in the specified password file.
/www/pw/.filepassword:
test: 38sqpB6MNb7BA
If that's white space after the colon, you'll need to remove that. In fact, this may be your only real problem.
Hope this helps.
According to Raymond J. Henry:
Anyone with Apache/SSL experience care to lend a helping hand?
I've got Apache compiled with mod_ssl, and it seems to be working fine.
In
fact, I know that part is working fine. Where my trouble lies is with forcing it to look look for the userID/password to access the directory.
Which, by the way, has nothing to do with the SSL support.
No, but my understanding was that it would better protect the userID/PW as it was passed to the server. No?
And the following suggestions still didn't result in a userID/PW prompt.... :/
It allows any conenction to view the page, without prompting for
userID/PW.
httpd.conf points traffic for hermes.manitobamall.net to /www/htdocs/manitobamall/.
Looked around for everything I could find on the 'Net, and tried all variations of examples, still the same. ____________________
/www/htdocs/test/.htaccess:
AuthUserFile /www/pw/.file-password AuthGroupFile /dev/null
I think you can just leave out the AuthGroupFile directive if you're not actually specifying a group file.
AuthName "TestPage"
Set the AuthName directive to a name or string that will make sense in the userid/password prompt in the pop-up dialog box.
AuthType Basic
<Limit GET POST PUT> require user test </Limit>
We usually just specify the following...
require valid-user
... without using the Limit tags. This will allow any valid userid that's found in the specified password file.
/www/pw/.filepassword:
test: 38sqpB6MNb7BA
If that's white space after the colon, you'll need to remove that. In
fact,
this may be your only real problem.
Hope this helps.
-- Gilbert E. Detillieux E-mail: gedetil@cs.umanitoba.ca Dept. of Computer Science Web: http://www.cs.umanitoba.ca/~gedetil/ University of Manitoba Phone: (204)474-8161 Winnipeg, MB, CANADA R3T 2N2 Fax: (204)474-7609 _______________________________________________ Roundtable mailing list Roundtable@muug.mb.ca http://www.muug.mb.ca/mailman/listinfo/roundtable
Thanks to those that gave me input. I did manage to find the problem. I decided to stop trying to deal with the .htaccess file, and start at the beginnning. Sure enough, there it was. In the httpd.conf file, AllowOverride None for the .htaccess control. Changed it to AllowOverride All, and it now prompts for login when going to https://hermes.manitobamall.net.
Next step is to see how to prevent it from accessing the page when going to http://hermes.manitobamall.net.
Aren't computers fun? <G>
-
gedetil@cs.umanitoba.ca -
Raymond J. Henry