On Sat, 2023-04-29 at 17:39 +0100, Patrick O'Callaghan wrote:
In *some" cases, usernames are added to the password file, and
the
password verifies correctly (using 'htppasswd -v ...'), but Apache
still throws an error, e.g.:
[Sat Apr 29 17:12:10.790251 2023] [authz_core:error] [pid 17622:tid 17769] [client
82.69.61.82:40716] AH01631: user notatest: authorization failure for "/":
(NB: "authorization failure", not "authentication failure" as with a
password mismatch.)
Further thoughts... That error sound backwards.
A password mismatch ought to be authorisation failure (you are not
authorised). An authentication failure would be some other problem (it
can't do the authentication).
Are all the failures for trying to access the same thing?
The .htpasswd file should be outside of the webserving tree. Are you
sure you're only using one file, or are correctly specifying the right
one?
The .htaccess files which mention which .htpasswd file to use should
use the full filepath to the .htpasswd file. And mention the correct
type of authentication being used (bearing in mind that only some
methods are actually usable). And you have to use the same scheme when
creating the passwords.
AuthType Basic
AuthName "Secure space"
AuthUserFile /var/www/.htpasswd
Require valid-user
Satisfy All
Have you looked through Apache's own docs regarding it?
e.g.
https://httpd.apache.org/docs/2.4/programs/htpasswd.html
--
NB: All unexpected mail to my mailbox is automatically deleted.
I will only get to see the messages that are posted to the list.
The following system info data is generated fresh for each post:
uname -rsvp
Linux 6.2.8-100.fc36.x86_64 #1 SMP PREEMPT_DYNAMIC Wed Mar 22 19:14:19
UTC 2023 x86_64