Problem 26. -Jesse

Statement of Problem:

Create a Web page that requires a valid username/password to access its contents. This username/password can either be taken from the /etc/passwd file or via an external database.

Investigative Process:

Informative websites:
www.apacheweek.com/features/userauth
www.fnal.gov/cd/webgroup/webhelp/access_apache.html

As suggested in both of the above sites, I chose to create a separate user/passwd database for user authentication, rather than creating a greater security risk by using the /etc/passwd file.

I created this file using htpasswd (see the man page - it's easy).
man htpasswd
I created the file in /var/www/auth (new directory).

I also edited /etc/httpd/conf/access.conf to allow the .htaccess files (see later) to over-ride/set permissions on certain directories.

Finally, in order to test this, I put an .htaccess file in
/var/www/html
(the same dir that contains the file we are serving: index.html). I had been led to believe that the presence of this file would cause it to be read, and then require authentication for web files in the directory it appears in. The file itself gives the path to the .htpasswd file it should use for authentication. So far, it doesn't work. I knew I shouldn't need to restart httpd, tried it anyway. Still nothing.

The next morning, the web site was down.  I checked running processes (ps -e) and found the httpd process was not running.  Upon trying to restart it, I rec'd a Failure message indicating a syntax error in
/etc/httpd/conf/httpd.conf
I was quite sure that I had only changed one line of this file, but restoring that line to its original state did not fix the problem.

I copied the same file from my home computer and ran a diff on the two versions, which revealed a missing comment marker on another line.  I suspect that when I was closing up shop I must have been confused about which window I had active and edited the httpd.conf file without realizing it.

Fixed this situation, but the password authentication still doesn't work.

Changing the variable for "AllowOverride" from "AuthConfig" to "All" fixed the problem. I had originally changed it from "None" to "AuthConfig" in accordance with instructions on the websites I was referencing. The distinction between these values and why AuthConfig didn't work will require more investigation.

Recipe:

I can't add much to what you'll find at either of the sites listed above, with the qualification that I did need to make the "All" vs. "AuthConfig" switch I mention above.  They also describe some fancier ways to approach user authentication: groups, realms, etc.
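
The two files the write-up describes, sketched as an added example (not the author's actual configuration, which the page does not show). The password file name .htpasswd, the realm name and the user name are assumptions; the directories and the access.conf path are the ones named above.

```apache
# ---- File 1: /etc/httpd/conf/access.conf (server configuration) ----
# AllowOverride decides which directive classes a .htaccess file under
# this directory may use. "None" makes the server ignore .htaccess.
# "AuthConfig" permits the authentication directives only (AuthType,
# AuthName, AuthUserFile, AuthGroupFile, Require).
<Directory "/var/www/html">
    AllowOverride AuthConfig
</Directory>

# "AllowOverride All" (the setting the write-up ended up with) accepts
# every directive class in .htaccess, which is broader than password
# protection needs. If the .htaccess also carries host-access lines
# such as Order / Allow / Deny, those belong to the "Limit" class, and
# AuthConfig alone is not enough for them; the narrower fix is then:
#     AllowOverride AuthConfig Limit
# Whether that was the cause on the author's server is not known.

# ---- File 2: /var/www/html/.htaccess (per-directory file) ----
# Uses AuthConfig-class directives only.
AuthType Basic
# Realm string shown in the browser's login prompt (assumed value).
AuthName "Restricted"
# Password database kept outside the document root (/var/www/html),
# so the server never hands it out as a web page. File name assumed.
AuthUserFile /var/www/auth/.htpasswd
# Any user listed in the password file may log in.
Require valid-user

# ---- Creating the password file (shell, shown here as comments) ----
#   htpasswd -c /var/www/auth/.htpasswd exampleuser
# -c creates the file and overwrites an existing one, so leave it off
# when adding further users.
#
# ---- Checking syntax after editing access.conf or httpd.conf ----
#   apachectl configtest
# Reports a syntax error and its line number without touching the
# running server.
```

AllowOverride is read from the server configuration, so httpd has to be restarted or reloaded after changing it; edits to .htaccess itself are picked up on the next request.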