I have an apache2 server running on Ubuntu. I'm new to Apache, so forgive me I say something illogical.
I have basic authentication working, so I thought I'd just replicate the directives for digest authentication, but I'm guessing that's where I'm going wrong.
<Directory /home/mark/.www/secret>
<Files file1>
AuthType Basic
AuthName "Secret"
AuthUserFile "/etc/apache2/conf-available/.htpasswd"
Require valid-user
</Files>
<Files file2>
AuthType Digest
AuthName "Secret"
AuthUserFile "/etc/apache2/conf-available/.htpasswd"
Require valid-user bob
</Files>
</Directory>
In /etc/apache2/mods-enabled, auth_basic.load was already there as a symbolic link to /etc/apache2/mods-available
Therefore, I created a symbolic link for auth_digest.
However, I still get a 401 error when loading file2 (yes, I am restarting the server when making changes).
Both file1 and file2 have permissions 644 and like I said file1 successfully loads with basic auth.
Any help would be appreciated!
Best Answer
You are using the same password file for both auth methods, but they need password files in different formats.
Password files for the digest method can be created with
htdigest
and contain the realm name.A remark: I would suggest to use Basic Auth instead of Digest, but only via a secure TLS connection.