htaccess authentication not using htpasswd

Question

I have an .htaccess file that looks like this:

AuthUserFile /etc/.htpasswd
AuthType Basic
AuthName "Restricted Client Area"
Require user admin

In the /etc/.htpasswd file I have a single entry for a user called admin that was created via the htpasswd binary. When I go to my site and get queried for authentication, it's letting me login with the Mac user 'admin' that exists on the webserver, as opposed to the admin user from the htpasswd file.

How do I ensure it uses the htpasswd file, and only the htpasswd file?

Answer 1

Apple's server adds their own authentication module that is causing this behavior.

Answer 2

Short of this being some kind of bug or previous misconfiguration, such behavior should not be present by default.

There are several ways to enable such functionality, so you may need to backtrace and figure out if you can disable any that are present:

• mod_auth_pam
• mod_auth_external
• NIS

Answer 3

You can generate password file using may site like here

There may require to add authentication condition "RewriteCond" to htaccess file like :

AuthType Basic
AuthName "restricted area"
AuthUserFile /home/..path../.htpasswd
require valid-user

RewriteEngine On

# Handle Authorization Header
RewriteCond %{HTTP:Authorization} .
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]