Monday, September 18, 2017

Re: OpenBSD's HTTPD troubles AGAIN - Can't find any man page that explains how to properly set up directory authentication.

Michael Hekeler <michael@hekeler.com> writes:

> Whats wrong with the manpage?
>
> [no] authenticate [realm] with htpasswd
> Authenticate a remote user for realm by checking the
> credentials against the user authentication file htpasswd.
> The file name is relative to the chroot and must be
> readable by the www user. Use the no authenticate directive
> to disable authentication in a location.
> Authenticate a remote user for realm by checking the
> credentials against the user authentication file htpasswd.
> The file name is relative to the chroot and must be readable
> by the www user. Use the no authenticate directive to disable
> authentication in a location.
>
>
>
>> I read it totally differently, that the htpasswd is a location to a
>> file and not just a declaration to look for a file in the current dir
>> named htpasswd etc.
>
> The htpasswd IS a file:
> location "/*" { authenticate with "/htpasswd" }
>
> In this example the passwordfile is named "htpasswd" and is in /var/www
> (Note that httpd(8) is chrooted by default)

I think he meant possible confusion over whether "htpasswd" is the
literal/only name of the file, or a stand-in name for "any file name I
choose" e.g. if my password file was named "foo" then the directive
would be

authenticate [realm] with foo.

I could see it being interpreted that way, anyway.

Allan

No comments:

Post a Comment