password protection for vhost

[sofatime]

Hi,

I have a very simple problem but cannot figure it out. I would like to password protect a vhost. This vhost is instaniated. I don't want to do it with .htaccess. I have created the realm and the context, but I always get "Authentication failed with user xxx". This is the relevant configuration:

<realmList>
<realm>
<type>file</type>
<name>Test</name>
<userDB>
<location>/path/to/users</location>
<maxCacheSize></maxCacheSize>
<cacheTimeout></cacheTimeout>
</userDB>
<note></note>
<groupDB>
<location></location>
<maxCacheSize></maxCacheSize>
<cacheTimeout></cacheTimeout>
</groupDB>
</realm>
</realmList>

<contextList>
<context>
<type>NULL</type>
<uri>/</uri>
<location></location>
<allowBrowse>1</allowBrowse>
<note></note>
<enableExpires></enableExpires>
<expiresDefault></expiresDefault>
<expiresByType></expiresByType>
<extraHeaders></extraHeaders>
<addMIMEType></addMIMEType>
<forceType></forceType>
<defaultType></defaultType>
<indexFiles></indexFiles>
<autoIndex></autoIndex>
<allowOverride></allowOverride>
<realm>Test</realm>
<authName></authName>
<required></required>
<accessControl>
<allow></allow>
<deny></deny>
</accessControl>
<authorizer></authorizer>
<addDefaultCharset>off</addDefaultCharset>
<defaultCharsetCustomized></defaultCharsetCustomized>
<rewrite>
<enable></enable>
<inherit></inherit>
<base></base>
<rules></rules>
</rewrite>
<enableIpGeo></enableIpGeo>
<apacheConf></apacheConf>
</context>
</contextList>

I have also created the users file and made sure the password is really correct.

Any hints?

Thanks
Daniel

 

[sofatime]

I have now tried to do the same with .htaccess: Does not work either with the same users file. But if I create a .htpasswd with the password unencrypted it works. So it apparently has to do with the users file. I have created the users file normally using the lsws admin and it looks good. The only thing that's new to me is a ":" at the end of the user entry (after the password).

Daniel

 

[NiteWave]

the apache document is here:
http://httpd.apache.org/docs/2.2/mod/core.html#require

so in your config file,

<required></required>

should be something like
<required>user xxx</required>
or
<required>valid-user</required>

/path/to/users should be a file, an sample:
#cat /path/to/users
test:kF2EDBE2Ux8sQ
user1:SQtevcsBBnBPY

 

[sofatime]

Thank you. I already tried "user xxx", but did not work. Also the lsws documentation says that "required" can be left empty and then every user would be valid (the same as "valid-user").
The users file exists and contains the correct user.

Daniel

 

[NiteWave]

compared with an local test box of mine,
can you set some values of:
<maxCacheSize></maxCacheSize>
<cacheTimeout></cacheTimeout>
for example, 200, 60 respectively.

 

[sofatime]

Ok, I did, but still does not work.
I have now solved the problem with .htaccess und .htpasswd with an unencrypted password. But still would be good if I could do that on the server level.

Daniel

 

[NiteWave]

can you try to install standard version on the same vhost but in another location instead of default /usr/local/lsws. then access the homepage, there is a demo page for Authentication, see if that works for you. the line read:
"Authentication: Password protected content, use user name: test, password: test123"

 

[sofatime]

No, I can't do this, as this server is productive. This is a pretty standard installation with lsws 4.2.2 64bit Enterprise on Ubuntu 12 64bit. How would installing lsws standard help?

Thanks
Daniel

 

[mistwang]

which tool is used to generate the encrypt password file?
You can try Apache's htpasswd utility.

 

[sofatime]

I have used lsws to create the users file.

 

[mistwang]

We will look into the code in our web console regarding this.
Can you also try Apache htpasswd, see if the password file generated works with LSWS.