Bah!! - can't get htaccess/htpasswd to work on WinXP

[shirls]

Hi Guys

Can anyone help me with please?

Have setup httpd.conf with the settings everyone recommends on here.

#
# This controls which options the .htaccess files in directories can
# override. Can also be "All", or any combination of "Options", "FileInfo",
# "AuthConfig", and "Limit"
#

<Directory &quot;c:/server/apache/htdocs/protected&quot;>
AllowOverride AuthConfig
Order allow,deny
Allow from all
</Directory>

#
# AccessFileName: The name of the file to look for in each directory
# for access control information.
#

AccessFileName .htaccess

# Also, folks tend to use names such as .htpasswd for password
# files, so this will protect those as well.
#
<Files ~ &quot;^\.ht&quot;>
Order allow,deny
Deny from all
Satisfy All
</Files>


The .htaccess file is in the directory I want to password protect.

My .htaccess file looks like this....

AuthUserFile &quot;C:/server/apache/passwd/.htpasswd&quot;
AuthGroupFile /null
AuthName &quot;Restricted Area&quot;
AuthType Basic

<Limit GET POST>
require valid-user
</Limit>

I've used htpasswd.exe to create the .htpasswd file that is stored in c:/server/apache/passwd/ using the settings below

htpasswd.exe -cmb .htpasswd admin password, this creates the file with no problems.

The problem is that when I direct the browser to the password protected directory I get the password prompt, but it will not authorise the password at all.

Where am I going wrong???

 

[Newposter]

Are you sure the .htpasswd file is really in the protected directory, or did it end up in the directory where the htpasswd.exe resides? I found the latter, and had to move the .htpasswd file to the correct location after creating it.

Everything else you've done looks OK to me. Newposter
&quot;Good judgment comes from experience. Experience comes from bad judgment.&quot;

 

[shirls]

Have moved the .htpasswd file to the protected directory, and changed the .htaccess file

from - AuthUserFile &quot;C:/server/apache/passwd/.htpasswd&quot;

to - AuthUserFile &quot;C:/server/apache/htdocs/protected/.htpasswd&quot;

Have restarted Apache, even though I probably didn't need to, but still no joy, still getting the 401 Authorisation error screen.

I just can't figure it out, everything looks right, everything is where it's supposed to be, but it still won't authorise the password :-(

 

[cian]

Have you checked the .htpasswd file, actually opened it to see if the user cred were created ok? Just a thought



É ::

http://www.endamcg.com

 

[shirls]

Hi,

Yes checked that .htpasswd contains....

admin:$apr1$5e2.....$VuTtzyadoYS78OViw/Dgf1

Apart from Apache, PHP, MySQL and Perl the only other thing running on the computer is Zonealarm. I don't see that ZA could be the problem though as I have set it so that it allows the 4 other programs internet access.

It's got me stumped.

 

[GraphicFunn]

I am having the exact same problem. It appears that everything is set up correctly and I have made sure the .htpasswd file is not in the same directory as the .htaccess file. But when I type in the user/password it just repeats the request for a login.

I am curious on one other thing that I hope someone can explain. When I use htpasswd to create or add to the password file, the users password always appears differenly even for the same user and password. I saw notes saying this encryption would change eveytime but if this is never consistant, even for the same user/pass pair, then how can it ever match when someone tries to log on? When a user tries to log on aren't they going thru basically the same process that is done when the user password is created in the first place? Thanks.

 

[Newposter]

The encryption changes every time a password is created, not every time it's used to log in.

Looks like everything you've done is OK, don't know why it won't authorize. Newposter
&quot;Good judgment comes from experience. Experience comes from bad judgment.&quot;