basic auth does not work in apache 2.4

StackOverflow https://stackoverflow.com/questions/16101360

Question

httpd.conf

LoadModule authn_file_module modules/mod_authn_file.so
LoadModule authn_core_module modules/mod_authn_core.so
LoadModule authz_host_module modules/mod_authz_host.so
LoadModule authz_groupfile_module modules/mod_authz_groupfile.so
LoadModule authz_user_module modules/mod_authz_user.so
LoadModule authz_core_module modules/mod_authz_core.so
LoadModule access_compat_module modules/mod_access_compat.so
LoadModule auth_basic_module modules/mod_auth_basic.so
LoadModule auth_digest_module modules/mod_auth_digest.so

httpd-vhosts.conf

<VirtualHost *:8080>
        ServerAdmin webmaster@192.168.1.162
        DocumentRoot "/data/www/sites/default/public"
        ServerName 192.168.1.162
        ErrorLog "/data/www/logs/apache/192.168.1.162-error_log"
        CustomLog "/data/www/logs/apache/192.168.1.162-access_log" combined
    <Directory "/data/www/sites/default/public">
        Options -Indexes
        AllowOverride All
        Order allow,deny
        Allow from all
        AuthType Basic
        AuthName "Restricted Resource"
        AuthBasicProvider file
        AuthUserFile /data/svn/htpasswd
        Require valid-user
    </Directory>
    ProxyPassMatch ^/(.*\.php)$ fcgi://127.0.0.1:9000/data/www/sites/default/public/$1
</VirtualHost>

I can get the info to input the user and password,but always can not be virified.I am sure the password is correct and the htpassswd file are not in the document root folder.

How can i resolve this problem?

Était-ce utile?

La solution 2

Are you sure your Apache user (www-data?) can access the user file? Also, you can drop the AuthBasicProvider line.

Autres conseils

It sounds like you might have Apache httpd 2.4.4 installed, which suffers from a known bug in the htpasswd utility... If so, take a look at this response to a similar question. The first work-around is the same as Noora's -- i.e. that command-line password specification works -- but others listed there might be more appropriate to your situation. The issue and workarounds apply to both .conf-file and .htaccess configurations.

I would only add that you needn't edit your passwd-file by hand, as the -n option implies. Using -b should suffice, e.g. htpasswd -b HTUSERS username password. If your passwd-file is FUBAR, you might just start over by adding the -c option -- truncating the file -- when you add the first user.

Good luck!

I know I'm a little late to the party, but Apache 2.4 is still what I am using. And it's still got this issue, apparently.

I finally logged in successfully (because I knew my syntax and login was down to a t, it couldn't be that). I simply used a plain password instead of a hash, which is NOT a solution, but it shows that the problem is from using a password hash -- apparently Apache doesn't interpret it correctly.

In my case, the problem was due to a conflict with an unused but loaded mod-shib2 module. List your loaded modules with:

apache2ctl -M

and if present unload it with:

a2dismod shib2
systemctl restart apache2

this fixed basic authentication.

This is related to the bug https://bugs.launchpad.net/ubuntu/+source/shibboleth-sp2/+bug/1358284

Licencié sous: CC-BY-SA avec attribution
Non affilié à StackOverflow
scroll top