password protection for vhost

sofatime

Well-Known Member
#1
Hi,

I have a very simple problem but cannot figure it out. I would like to password protect a vhost. This vhost is instaniated. I don't want to do it with .htaccess. I have created the realm and the context, but I always get "Authentication failed with user xxx". This is the relevant configuration:

<realmList>
<realm>
<type>file</type>
<name>Test</name>
<userDB>
<location>/path/to/users</location>
<maxCacheSize></maxCacheSize>
<cacheTimeout></cacheTimeout>
</userDB>
<note></note>
<groupDB>
<location></location>
<maxCacheSize></maxCacheSize>
<cacheTimeout></cacheTimeout>
</groupDB>
</realm>
</realmList>

<contextList>
<context>
<type>NULL</type>
<uri>/</uri>
<location></location>
<allowBrowse>1</allowBrowse>
<note></note>
<enableExpires></enableExpires>
<expiresDefault></expiresDefault>
<expiresByType></expiresByType>
<extraHeaders></extraHeaders>
<addMIMEType></addMIMEType>
<forceType></forceType>
<defaultType></defaultType>
<indexFiles></indexFiles>
<autoIndex></autoIndex>
<allowOverride></allowOverride>
<realm>Test</realm>
<authName></authName>
<required></required>
<accessControl>
<allow></allow>
<deny></deny>
</accessControl>
<authorizer></authorizer>
<addDefaultCharset>off</addDefaultCharset>
<defaultCharsetCustomized></defaultCharsetCustomized>
<rewrite>
<enable></enable>
<inherit></inherit>
<base></base>
<rules></rules>
</rewrite>
<enableIpGeo></enableIpGeo>
<apacheConf></apacheConf>
</context>
</contextList>

I have also created the users file and made sure the password is really correct.

Any hints?

Thanks
Daniel
 

sofatime

Well-Known Member
#2
I have now tried to do the same with .htaccess: Does not work either with the same users file. But if I create a .htpasswd with the password unencrypted it works. So it apparently has to do with the users file. I have created the users file normally using the lsws admin and it looks good. The only thing that's new to me is a ":" at the end of the user entry (after the password).

Daniel
 

sofatime

Well-Known Member
#4
Thank you. I already tried "user xxx", but did not work. Also the lsws documentation says that "required" can be left empty and then every user would be valid (the same as "valid-user").
The users file exists and contains the correct user.

Daniel
 

NiteWave

Administrator
#5
compared with an local test box of mine,
can you set some values of:
<maxCacheSize></maxCacheSize>
<cacheTimeout></cacheTimeout>
for example, 200, 60 respectively.
 

sofatime

Well-Known Member
#6
Ok, I did, but still does not work.
I have now solved the problem with .htaccess und .htpasswd with an unencrypted password. But still would be good if I could do that on the server level.

Daniel
 

NiteWave

Administrator
#7
can you try to install standard version on the same vhost but in another location instead of default /usr/local/lsws. then access the homepage, there is a demo page for Authentication, see if that works for you. the line read:
"Authentication: Password protected content, use user name: test, password: test123"
 

sofatime

Well-Known Member
#8
No, I can't do this, as this server is productive. This is a pretty standard installation with lsws 4.2.2 64bit Enterprise on Ubuntu 12 64bit. How would installing lsws standard help?

Thanks
Daniel
 

mistwang

LiteSpeed Staff
#11
We will look into the code in our web console regarding this.
Can you also try Apache htpasswd, see if the password file generated works with LSWS.
 
Top