Apache not accepting any passwords from .htaccess!!!

[Guest_imported]

I've been trying for a while now to get a secure area on my website and I've fiddled with settings and nothing seems to work!&nbsp;&nbsp;Can anyone tell me what is going wrong here?&nbsp;&nbsp;I keep getting 401 errors.<br>My Directory is...<br>&lt;Directory &quot;/home/httpd/html/mysite&quot;&gt;<br> Options Indexes Includes FollowSymLinks<br> AllowOverride None<br> Allow from all<br> Order deny,allow<br> AuthType Basic<br> AuthName &quot;Required Password&quot;<br> AuthUserFile /home/httpd/html/mysite/mysite.htaccess<br> require valid-user<br>&lt;/Directory&gt;<br>I have AccessFileName directive commented out.<br>I have AllowOverride on httproot directory set to &quot;AuthConfig&quot; or &quot;All&quot;&nbsp;&nbsp;I can disable the directory access settings and access the files in there.&nbsp;&nbsp;my htaccess file is just:<br>webserver:1234321<br><br>I'm running this on RH6.2 and apache 1.3.12.&nbsp;&nbsp;Can anyone help?<br>Thanks,<br><br>Steve Kiehl<br>webmaster, <b><i>Nanovox</b>.com</i>

 

[Guest_imported]

Nevermind.&nbsp;&nbsp;It for some reason wants to use MD5 encrypted passwords.&nbsp;&nbsp;Anyone know how I can make it use just regular nonencrypted passwords under Red Hat 6.2 and Apache 1.3.12?<br><br>Steve Kiehl<br>webmaster, <b><i>Nanovox</i>.com</b>

 

[steam]

wait ...

AllowOverride None

this might be the problem.

Change None with All or FileInfo, or simply remove the line

http://www.apache.org/docs/mod/core.html#allowoverride

 

[steam]

Ok

a 401 error means that the protection works but the system cannot decrypt the passwd in your AuthUserFile

remember you must protect the directory either in the configuration file OR in the .htaccess file.

 

[steam]

Here is a perl script for password encryption. Simply create a form, using METHOD=get and 2 fields: 'pass' and 'userid'.

It should work.


-------
#!/usr/bin/perl

my($query, @pairs, %FORM);
$query = $ENV{'QUERY_STRING'};
@pairs = split(/&/, $query);
foreach (@pairs) {
($name, $value) = split(/=/, $_);
$value =~ tr/+/ /;
$value =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack(&quot;C&quot;, hex($1))/eg;
$FORM{$name} = $value;
}


print &quot;Content-Type: text/html\n\n&quot;;

$salt1 = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789./';
$salt = substr($salt1,rand(length($salt1)),1);
$salt .= substr($salt1,rand(length($salt1)),1);


$words{$key} = crypt ($FORM{'pass'},$salt);

print &quot;<center><p>Copy the following line in your password file<br>For example if the first line of your .htaccess file is <i>AuthUserFile /home/user/login.pwd</i>, copy in <i>/home/user/login.pwd</i><p>&quot;;
print &quot;<b>$FORM{'userid'}:$words{$key}\n&quot;;
-----