Please assist in .htdigest implementation

software development

#1

Error being received in browser:

‘Authorization Required
This server could not verify that you are authorized to access the document requested. Either you supplied the wrong credentials (e.g., bad password), or your browser doesn’t understand how to supply the credentials required.’

access.log entry:

72.68.164.227 - - [08/May/2012:21:25:07 -0700] “GET /secure HTTP/1.1” 401 966 “-” “Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_8) AppleWebKit/534.54.16 (KHTML, like Gecko) Version/5.1.4 Safari/534.54.16”

error.log entry (obviously not the cause of the error, though I wonder whether this error log is set to not be very verbose):

[Tue May 08 21:25:07 2012] [error] [client 72.68.164.227] File does not exist: /home/gofishtechnologies/lookupguides.com/failed_auth.html

Steps taken prior to error:

  1. Created file /lookupguides.com/secure/.htaccess with the following contents:

<Files .htaccess>
order allow,deny
deny from all

AuthType Digest
AuthName "Materials herein Copyright 2012 by Steven J. Stromer, all rights reserved. May not be duplicated or reproduced without written permission."
AuthDigestDomain /secure/ http://www.lookupguides.com/secure/ http://secure.lookupguides.com
AuthDigestQop auth-int
AuthDigestProvider file
AuthUserFile /home/gofishtechnologies/guests.digest
AuthGroupFile /home/gofishtechnologies/groups.digest
Require group guests
BrowserMatch “MSIE” AuthDigestEnableQueryStringHack=On

  1. Created the file /groups.digest with the following contents:

guests: guest

  1. Shelled into account and executed the following commands:

/usr/bin/htdigest -c guests.digest guests guest
chmod 644 lookupguides.com/secure/.htaccess
chmod 644 groups.digest
chmod 644 guests.digest

Additional notes:

  1. I attempted to use both ‘AuthUserFile’ and ‘AuthDigestFile’ alternately in the .htaccess file, due to a documented bug in which ‘AuthDigestFile’ fails to work properly on DH servers. Despite the age of this known bug, the problem remains, since using ‘AuthDigestFile’ results in an Internal Server Error. By contrast, the Authentication Required’ error is a more manageable problem.

  2. I attempted to set ‘AuthDigestQop’ to the default ‘auth,’ but receive an Internal Server Error message. Setting ‘AuthDigestQop’ to ‘auth-int’ (MD5) seems to work better, despite how illogical this seems to me.

  3. I tried setting ‘AuthUserFile’ path to both /guests.digest and to /home/gofishtechnologies/guests.digest. The second seems correct, but clearly is not working.

  4. I tried setting ‘AuthGroupFile’ path to both /groups.digest and to /home/gofishtechnologies/groups.digest. The second seems correct, but clearly is not working.

  5. I tried setting ‘Require’ to ‘Require group guests’ and to ‘Require valid-users’. Neither corrects the error.

Thank you for your assistance.


#2

AuthDigestFile not working is not a bug. That directive was removed in Apache 2.2, as it was no longer necessary.

The <Files .htaccess> directive isn’t necessary, by the way. We’ve already got a bit in our web server configuration that blocks access to all files with names beginning with “.ht” (.htaccess, .htpasswd, .htdigest…).

What’s probably really getting in the way here, though, is that the domain you’re entering to htdigest (“guests”) is incorrect. It needs to match the whole string in AuthName, which is a reason why I’d recommend against using that field for a notice if you’re using digest authentication.

Here’s a minimal two-step process to get digest authentication working for a folder called “/secure”.

  1. Put this in .htaccess:
AuthType digest
AuthDigestDomain /secure
AuthName "Secure Files"
AuthUserFile /home/username/example.com/secure/.htdigest
Require valid-user
  1. Create the .htdigest file:

That’s it! (You should, of course, replace “username”, “example.com”, “/secure”, and “Secure Files” with appropriate values for your user and domain.)