password protection for vhost

Discussion in 'Install/Configuration' started by sofatime, May 22, 2013.

  1. sofatime

    sofatime New Member

    Hi,

    I have a very simple problem but cannot figure it out. I would like to password protect a vhost. This vhost is instaniated. I don't want to do it with .htaccess. I have created the realm and the context, but I always get "Authentication failed with user xxx". This is the relevant configuration:

    <realmList>
    <realm>
    <type>file</type>
    <name>Test</name>
    <userDB>
    <location>/path/to/users</location>
    <maxCacheSize></maxCacheSize>
    <cacheTimeout></cacheTimeout>
    </userDB>
    <note></note>
    <groupDB>
    <location></location>
    <maxCacheSize></maxCacheSize>
    <cacheTimeout></cacheTimeout>
    </groupDB>
    </realm>
    </realmList>

    <contextList>
    <context>
    <type>NULL</type>
    <uri>/</uri>
    <location></location>
    <allowBrowse>1</allowBrowse>
    <note></note>
    <enableExpires></enableExpires>
    <expiresDefault></expiresDefault>
    <expiresByType></expiresByType>
    <extraHeaders></extraHeaders>
    <addMIMEType></addMIMEType>
    <forceType></forceType>
    <defaultType></defaultType>
    <indexFiles></indexFiles>
    <autoIndex></autoIndex>
    <allowOverride></allowOverride>
    <realm>Test</realm>
    <authName></authName>
    <required></required>
    <accessControl>
    <allow></allow>
    <deny></deny>
    </accessControl>
    <authorizer></authorizer>
    <addDefaultCharset>off</addDefaultCharset>
    <defaultCharsetCustomized></defaultCharsetCustomized>
    <rewrite>
    <enable></enable>
    <inherit></inherit>
    <base></base>
    <rules></rules>
    </rewrite>
    <enableIpGeo></enableIpGeo>
    <apacheConf></apacheConf>
    </context>
    </contextList>

    I have also created the users file and made sure the password is really correct.

    Any hints?

    Thanks
    Daniel
  2. sofatime

    sofatime New Member

    I have now tried to do the same with .htaccess: Does not work either with the same users file. But if I create a .htpasswd with the password unencrypted it works. So it apparently has to do with the users file. I have created the users file normally using the lsws admin and it looks good. The only thing that's new to me is a ":" at the end of the user entry (after the password).

    Daniel
  3. NiteWave

    NiteWave Administrator

    the apache document is here:
    http://httpd.apache.org/docs/2.2/mod/core.html#require

    so in your config file,
    Code:
    <required></required>
    should be something like
    <required>user xxx</required>
    or
    <required>valid-user</required>

    /path/to/users should be a file, an sample:
    #cat /path/to/users
    test:kF2EDBE2Ux8sQ
    user1:SQtevcsBBnBPY
  4. sofatime

    sofatime New Member

    Thank you. I already tried "user xxx", but did not work. Also the lsws documentation says that "required" can be left empty and then every user would be valid (the same as "valid-user").
    The users file exists and contains the correct user.

    Daniel
  5. NiteWave

    NiteWave Administrator

    compared with an local test box of mine,
    can you set some values of:
    <maxCacheSize></maxCacheSize>
    <cacheTimeout></cacheTimeout>
    for example, 200, 60 respectively.
  6. sofatime

    sofatime New Member

    Ok, I did, but still does not work.
    I have now solved the problem with .htaccess und .htpasswd with an unencrypted password. But still would be good if I could do that on the server level.

    Daniel
  7. NiteWave

    NiteWave Administrator

    can you try to install standard version on the same vhost but in another location instead of default /usr/local/lsws. then access the homepage, there is a demo page for Authentication, see if that works for you. the line read:
    "Authentication: Password protected content, use user name: test, password: test123"
  8. sofatime

    sofatime New Member

    No, I can't do this, as this server is productive. This is a pretty standard installation with lsws 4.2.2 64bit Enterprise on Ubuntu 12 64bit. How would installing lsws standard help?

    Thanks
    Daniel
  9. mistwang

    mistwang LiteSpeed Staff

    which tool is used to generate the encrypt password file?
    You can try Apache's htpasswd utility.
  10. sofatime

    sofatime New Member

    I have used lsws to create the users file.
  11. mistwang

    mistwang LiteSpeed Staff

    We will look into the code in our web console regarding this.
    Can you also try Apache htpasswd, see if the password file generated works with LSWS.

Share This Page