How to do digest authentication in Apache

apache-2.2apache-2.4httpd.conf

I have an apache2 server running on Ubuntu. I'm new to Apache, so forgive me I say something illogical.

I have basic authentication working, so I thought I'd just replicate the directives for digest authentication, but I'm guessing that's where I'm going wrong.

<Directory /home/mark/.www/secret>
    <Files file1>
      AuthType Basic
      AuthName "Secret"
      AuthUserFile "/etc/apache2/conf-available/.htpasswd"
      Require valid-user
    </Files>

    <Files file2>
        AuthType Digest
        AuthName "Secret"
        AuthUserFile "/etc/apache2/conf-available/.htpasswd"
        Require valid-user bob
    </Files>
</Directory>

In /etc/apache2/mods-enabled, auth_basic.load was already there as a symbolic link to /etc/apache2/mods-available

Therefore, I created a symbolic link for auth_digest.

However, I still get a 401 error when loading file2 (yes, I am restarting the server when making changes).

Both file1 and file2 have permissions 644 and like I said file1 successfully loads with basic auth.

Any help would be appreciated!

Best Answer

You are using the same password file for both auth methods, but they need password files in different formats.

Password files for the digest method can be created with htdigest and contain the realm name.

cat .htpasswd.digest
sven:test:89bf07ca6d68de56df750411b4d41658

cat .htpasswd
sven:$apr1$is4DJFgn$SNilHKs4CqblmS0GsBiFu0

A remark: I would suggest to use Basic Auth instead of Digest, but only via a secure TLS connection.

Related Solutions

Centos – WebDAV on CentOS – getting 403 error when attempt to upload

I recently struggled with the same problem on my Fedora 10 system. In my case the culprit was some odd redirection that I was doing in Apache. Specifically, I use a content management system (Drupal, to be exact) that within it's .htaccess includes the following redirection logic to redirect missing files to a PHP script:

# Rewrite URLs of the form 'x' to the form 'index.php?q=x'.
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_URI} !=/favicon.ico
RewriteRule ^(.*)$ index.php?q=$1 [L,QSA]

It makes sense that the above only affects the PUT method since in that case REQUEST_FILENAME does not exist.

Not having the WebDAV area inside of the Drupal area, which seems like a reasonable constraint, fixes the problem.

Also, I think it is likely that SELinux would result in a different error, but it's not mentioned in the discussion above. Did you try disabling SELinux?

Debian – Apache + LDAP Auth: access to / failed, reason: require directives present and no Authoritative handler

Your 'Require' line reads

Require ldap-group cn=CHANGED, cn=CHANGED

That doesn't look write - I don't believe you can have have two cn's in a DN like that.

Best Answer

Related Solutions

Centos – WebDAV on CentOS – getting 403 error when attempt to upload

Debian – Apache + LDAP Auth: access to / failed, reason: require directives present and no Authoritative handler

Related Topic