Tim Lines wrote:
>
> I just tried to set up apache-ssl and I'm having problems. I want to
> set up a directory so that when a user tries to enter it with their web
> browser they are asked for a user name and password. If they are
> authenticated, they get in; if not they don't.
>
> I compiled SSLeay 0.80 and apache-ssl. I fudged a certificate for
> testing purposes. I can get an SSL encrypted link to my web browser.
> When I click on the protected directory I get a window asking for my
> user name password. When I enter my user name/password I get an
> authentication error.
>
> My log file says:
> Access to /login failed for elvis, reason: user linest: password
> mismatch.
>
> The parts of my httpd.conf that seem relevant look like:
> <Directory /export/home/login>
> AuthType Basic
> AuthName Experimental
> AuthGroupFile /dev/null
> AuthUserFile /etc/passwd
> <Limit PUT GET>
> allow from all
> require valid-user
> </Limit>
> </Directory>
>
> I'm sure that /etc/passwd is wrong. I've looked through the code enough
> to believe that the file should be either dbm or db format but I'm not
> sure which. Which format should the file be in? How can I build a
> password file in the proper format?
>
> I would be pleased if someone told me to RTFM and included the
> information about where TFM is.
I realise it isn't always obvious what is an Apache issue and what is an
Apache-SSL issue. A good rule of thumb is that if it doesn't involve a
directive starting "SSL", then it is an Apache issue, in which case, TFM
is at http://www.apache.org.
In case it ain't obvious, this is an Apache issue. BTW, you should leave
out the <Limit...> stuff unless you have a good reason to include it.
Cheers,
Ben.
--
Ben Laurie |Phone: +44 (181) 735 0686| Apache Group member
Freelance Consultant |Fax: +44 (181) 735 0689|http://www.apache.org
and Technical Director|Email: ben@algroup.co.uk |
A.L. Digital Ltd, |Apache-SSL author http://www.apache-ssl.org/
London, England. |"Apache: TDG" http://www.ora.com/catalog/apache