Koozali.org: home of the SME Server

.htaccess authentication problem

alext
« on: October 02, 2009, 11:12:11 AM »
I recently had to rebuild my SME 7.4 server after a crash during an update.

I have placed some access security on one of my ibays by:

  db accounts setprop golf AllowOverride All
  signal-event ibay-modify golf


Then creating .htaccess in the html directory of the ibay root (golf/html), containing:

  AuthType Basic
  AuthName "Golf Statistics"
  AuthUserFile ../apache/gusers
  require valid-user


In the directory ../apache I have used htpasswd to create one user with a simple password.

In SME server manager I have set up the Ibay "golf" to require passwords for public access on the local net, (for test purposes only).

When I use my browser to access a test page on "golf" I am asked to validate with user name and password. This I enter correctly. But instead of displaying the page I am asked to validate again.

I have changed the AuthName in order to ensure that the .htaccess file is being read, and sure enough the title bar in the validation dialogue changes, thus indicating that the .htaccess file is indeed being read.

This system used to work fine on my old system but I cannot get past the validation request in this new one.

I am sure that I have either forgotten something or have done something wrong but I am at a loss.

Could somebody help me please?

Thanks
Alex

Normando
« Reply #1 on: October 02, 2009, 03:49:57 PM »
Alex, you have blended two types of authentication.

One auth comes from your htaccess file, and the other comes from your ibay settings.

If you set your ibay to require a password outside your LAN, then the username used to authenticate against the ibay is the same as your ibay's. In your case the user name is "golf" and the pass is the pass you have set for the ibay in the server-manager.

I don't know how to work this schema, but I think you must choose only one type of authentication, either ibay auth or htaccess auth. If you want users other than SME users, then you must use an htpass file with the users you want.

alext
« Reply #2 on: October 02, 2009, 04:57:14 PM »
Thanks for the reply.
I set the ibay access to "No ACCESS" then tried again but have the same result.
I then tried the ibay access with several other variants but always the same error.

I re-created my password file, (gusers), using htpasswd with just one user; alex and a simple password. Still the same problem.

Any other thoughts?

Cheers,
Alex

janet
« Reply #3 on: October 03, 2009, 05:57:58 AM »
alext

You state you had a crash during an upgrade.
Just to make sure your system is clean (and functioning correctly), it would be wise to do
  signal-event post-upgrade
  signal-event reboot
before proceeding further.

As far as the ibay is concerned, in your case the ONLY option you should use for "Public access via web or anonymous ftp" is
Entire Internet (no password required)

On its own, this should allow anyone to access the site.

Your .htaccess should then force the authentication.

I suggest you stop changing settings all over the place randomly, that's only confusing and misleading you. It seems you do not really understand what you are doing. As I said, disable the ibay authentication entirely.

Also there is a better and safer way to set up authentication with .htaccess on sme server, using a very easily implemented custom template.
It removes the security risks associated with the public exposure your .htaccess file has now.

Please read
http://wiki.contribs.org/Htaccess
Please search before asking, an answer may already exist.
The Search & other links to useful information are at top of Forum.
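
As an added example (not part of any post in this thread, and not SME Server's own code), here is a small Python check for the kind of Basic-auth .htaccess file discussed above. It flags missing directives, a relative AuthUserFile (Apache resolves a relative path against ServerRoot, not against the directory holding the .htaccess file), and a password file that sits under the document root; the ibay path and ServerRoot value are assumptions about a stock install.

```python
import posixpath
import shlex

REQUIRED = ("authtype", "authname", "authuserfile", "require")

def parse_htaccess(text):
    """Map each directive name (lower-cased) to its argument list."""
    directives = {}
    for raw in text.splitlines():
        line = raw.strip()
        if line and not line.startswith("#"):
            name, *args = shlex.split(line)
            directives[name.lower()] = args
    return directives

def lint_basic_auth(text, htaccess_dir, server_root, doc_root):
    """Return a list of findings for a Basic-auth .htaccess file."""
    d = parse_htaccess(text)
    findings = [f"missing directive: {n}" for n in REQUIRED if n not in d]
    if not d.get("authuserfile"):
        return findings
    path = d["authuserfile"][0]
    # join() keeps an absolute path as-is and anchors a relative one at ServerRoot
    resolved = posixpath.normpath(posixpath.join(server_root, path))
    if not posixpath.isabs(path):
        # Apache does not resolve the path against the .htaccess directory,
        # so the file it opens may not be the one htpasswd wrote.
        intended = posixpath.normpath(posixpath.join(htaccess_dir, path))
        findings.append(f"relative AuthUserFile: Apache reads {resolved}, not {intended}")
    # A password file under the document root can be requested over HTTP.
    root = posixpath.normpath(doc_root)
    if resolved.startswith(root + "/"):
        findings.append(f"password file inside document root: {resolved}")
    return findings

# Constructed input: the four directives quoted in the first post.
# Both paths below are assumptions, not values taken from the thread.
IBAY_HTML = "/home/e-smith/files/ibays/golf/html"
SERVER_ROOT = "/etc/httpd"
POSTED = """AuthType Basic
AuthName "Golf Statistics"
AuthUserFile ../apache/gusers
require valid-user
"""

if __name__ == "__main__":
    for finding in lint_basic_auth(POSTED, IBAY_HTML, SERVER_ROOT, IBAY_HTML):
        print(finding)
```

An empty result means the directives are complete, the password file path is absolute, and the file lies outside the served directory.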

dmcguire
« Reply #4 on: October 07, 2009, 11:10:07 AM »
If it's only for one user, I usually just create an iBay - in your case "golf" - and then set 'Public access via web or anonymous ftp' to "Entire Internet (password required)". After the iBay is created, use the reset password link (usually in red) to set a password for that iBay.

When you go to http://your.server.name/golf you should be prompted for a username and password. The username is the iBay name, and the password is whatever you set it to.

Hope that helps.