in reply to About .htaccess

Can you have an MD5-encrypted password in your password file and still use "Basic" as the "AuthType"? Shouldn't that be "Digest"?

Also the "AuthName" and the "realm" are really the same, but it doesn't matter since your Checking User Credentials code will never run as it will not start before you have a successful authentication and then you have a valid $ENV{REMOTE_USER}.

CountZero

"If you have four groups working on a compiler, you'll get a 4-pass compiler." - Conway's Law

Re^2: About .htaccess
by Nik (Initiate) on Jun 12, 2005 at 14:03 UTC
    Well I just typed it like this to show that it was the hashed one, but for greater security I now have it as:

    .htaccess
    AuthUserFile .htpasswd
    AuthType Digest
    AuthName "Private Area"
    require Nikos
    .htpasswd
    Nikos:Private Area:digest encrypted string
    All these files are inside the cgi-bin folder but even if I enter the correct user and pass I still can't see games.pl and I can't see why!
    Is this line correct? AuthUserFile .htpasswd
      Did you try using the full path to the .htpasswd file? ("drive:/full/path/to/.passwd").

      If I'm not mistaken, security-wise it is a bad idea to put this file in the cgi-bin folder. It should even be put outside your htdocs-folder.

      Are you sure that your configuration file is OK and that other cgi-bin scripts run as expected?

      Update: If you use relative paths, they are relative to the server-root! This is what the docs for Apache say in that respect:

      AuthUserFile Directive

      Description: Sets the name of a text file containing the list of users and passwords for authentication
      Syntax: AuthUserFile file-path
      Context: directory, .htaccess
      Override: AuthConfig
      Status: Base
      Module: mod_auth

      The AuthUserFile directive sets the name of a textual file containing the list of users and passwords for user authentication. File-path is the path to the user file. If it is not absolute (i.e., if it doesn't begin with a slash), it is treated as relative to the ServerRoot.

      CountZero

      "If you have four groups working on a compiler, you'll get a 4-pass compiler." - Conway's Law
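
The path rule quoted from the Apache docs, the advice to keep the password file out of web-served folders, and the AuthName/realm match can be checked together. The following is an added example, not code from the thread: the ServerRoot, directory list, password and function names are constructed assumptions, and it assumes Unix-style paths.

```python
import hashlib
import posixpath

# Constructed sample values (assumptions, not taken from the thread's server).
SERVER_ROOT = "/usr/local/apache2"
WEB_DIRS = [SERVER_ROOT + "/htdocs", SERVER_ROOT + "/cgi-bin"]
HTACCESS = 'AuthUserFile .htpasswd\nAuthType Digest\nAuthName "Private Area"\n'

def resolve_auth_file(file_path, server_root):
    """A path that does not begin with a slash is relative to ServerRoot."""
    if not file_path.startswith("/"):
        file_path = posixpath.join(server_root, file_path)
    return posixpath.normpath(file_path)

def is_inside(path, directory):
    """True if path lies in directory or below it."""
    return path.startswith(posixpath.normpath(directory) + "/")

def digest_entry(user, realm, password):
    """Build a user:realm:MD5(user:realm:password) line, the htdigest format."""
    ha1 = hashlib.md5(f"{user}:{realm}:{password}".encode()).hexdigest()
    return f"{user}:{realm}:{ha1}"

def check(htaccess_text, server_root, web_dirs, digest_lines):
    """Return findings for one .htaccess and the lines of its digest file."""
    directives = {}
    for line in htaccess_text.splitlines():
        parts = line.strip().split(None, 1)
        if len(parts) == 2 and not parts[0].startswith("#"):
            directives[parts[0].lower()] = parts[1].strip().strip('"')
    resolved = resolve_auth_file(directives["authuserfile"], server_root)
    findings = [f"password file resolves to {resolved}"]
    for d in web_dirs:
        if is_inside(resolved, d):
            findings.append(f"password file is inside web-served directory {d}")
    realm = directives.get("authname", "")
    realms = {l.split(":")[1] for l in digest_lines if l.count(":") >= 2}
    if directives.get("authtype", "").lower() == "digest" and realm not in realms:
        findings.append(f"digest file has no entry for realm {realm!r}")
    return findings

if __name__ == "__main__":
    lines = [digest_entry("Nikos", "Private Area", "example-password")]
    for finding in check(HTACCESS, SERVER_ROOT, WEB_DIRS, lines):
        print(finding)
```

With the sample values, the relative `.htpasswd` resolves to a file directly under the ServerRoot, not to the one sitting next to `.htaccess` in cgi-bin.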