Apache authentication & Leopard

Similar Messages

• Apache PW Authentication & Leopard

  i have an apache site running on my G%. i had password authentication working fine under Panther and Tiger. just upgraded to Leopard and it seems not to be working. it's as though none of the httpd.conf edits (that i see are still there) are not taking effect OR something changed with Apache in Leopard -- or the like.
  the httpdd.conf customizations that have worked for quite some time are:
  Order deny,allow
  Deny from all
  Allow from 127.0.0.1
  AuthName "By Invitation Only"
  AuthType Basic
  AuthUserFile /Library/WebServer/.htpasswd
  Require valid-user
  Satisfy Any
  and they are still in what i believe to be the active httpd.conf file. additionally, the .htpasswd file is also located in the right place and is intact after the upgrade.
  it's not as though the site is inaccessible. access to my site from the outside world is just swell... just no authentication before providing access.
  any ideas of why the password authentication would just not work??
  thanks!!

  That was exactly it!
  I am grateful and so glad I decided to put the question to the forums. I stared and poked at it for more than an hour. I'm not an expert by far, so I was "double checking" myself in circles at 2AM. Thanks SO much for the dot connection.
  Any idea where I can read more about the Leopard specific Apache install???
  Separately, it was funny because it still took me a while to find the issue. Even when I found my way to /etc/apache2, when i then invoked bbedit httpd.conf from within that directory, it opened up the old one -- or rather the one I was already familiar with in /etc/httpd. I eventually had to have bbedit 'open hidden' to get to the proper new one.
  Anyway, thanks for the info!
  David

• Apache, authentication required, key not working

  I'm trying to set up my PC with Apache Server. If i try to access it from my laptop in our home, it serves on 192.168.1.102 I went to no-ip.biz because we have a dynamic IP here. when i try to remotely access the server, i get a screen that says: Authentication required Enter username and password for "linksys BEFW11S4 V.2" at http://XXXXXX.no-ip.biz (xxx being my subdomain i requested) the screen will not accept any 'admin' or the network key i use. Any advice?

  Hi
  You should use port forwarding and forward your apache port (usually 80) to the ip address of the machine that has apached installed
  Hope this works
  Cheers

• Apache Authentication

  We recently setup an Open Directory server on OSX 10.4 and we're having issues getting our GNU/Linux Apache 2.0 web server to authenticate against it. Here is the section in our httpd.conf:
  LoadModule ldap_module modules/mod_ldap.so
  LoadModule authldapmodule modules/modauthldap.so
  <Directory "/www/docs/public/ldaptest">
  Options Indexes FollowSymLinks
  AllowOverride None
  order allow,deny
  allow from all
  AuthLDAPEnabled on
  AuthType Basic
  AuthName "OD LDAP Test"
  AuthLDAPURL
  "ldap://ldaphost:389/dc=ldaphost,dc=ucsd,dc=edu"
  Require valid-user
  </Directory>
  I've looked at both the apache2 logs and the OD logs on the OSX server but it's not showing anything useful. This same configuration works with a generic OpenLDAP server without any problems. Do I need to use a special module (modappleauth?) or is there some configuration switch I need to change?
  We'd also like to have the ability to authenticate via group using the require group directive.
  Additionally is there any way to authenticate a SunOne web server to OD?
  Thank you.

  After looking at the Apache logs I came across this:
  auth_ldap authenticate: user ldaptest authentication failed; URI /ldaptest/ [LDAP: ldapsimple_binds() failed][Invalid credentials]
  Which looks like the OSX server isn't allowing anonymous binds for some reason. Even though I can do a normal ldapsearch and get results without any problems.

• Apache authentication via mod_auth_mysql

  Hi to all.. anybody have ever tried to configure Apache protected directories
  via modauthmysql ?
  my result is an error NSURLErrorDomain:-1005 after filling field with username e password...
  If is there anybody who tried this authentication method?
  I use standard Apache that comes with macosx 10.4.3..
  thank you

  I have the same problem like you??? You already know the solution?

• How to re-install Apache on Leopard?

  I got interested in playing around with PHP / Apache on my MBP. Went into "sharing" in SysPrefs and enabled Web Sharing, but it doesn't work. eg: type http:/localhost, or http://localhost/~myusername in the browser address bar gives a "Can't establish a connection to the server" error.
  From what I understand, the built-in Apache web server should work out of the box. Typing 'sudo apachectl start' in Terminal gives me "org.apache.httpd: Already Loaded".
  Is there a log file somewhere that I can look at to determine what the problem is? Or, failing that, is there some way to re-install Apache from my OSX Installation disk?

  roach999 wrote:
  I got interested in playing around with PHP / Apache on my MBP. Went into "sharing" in SysPrefs and enabled Web Sharing, but it doesn't work. eg: type http:/localhost, or http://localhost/~myusername in the browser address bar gives a "Can't establish a connection to the server" error.
  From what I understand, the built-in Apache web server should work out of the box. Typing 'sudo apachectl start' in Terminal gives me "org.apache.httpd: Already Loaded".
  Is there a log file somewhere that I can look at to determine what the problem is? Or, failing that, is there some way to re-install Apache from my OSX Installation disk?
  Your best bet is to user your TM or other backup to reinstall your OS to a time just prior to your modifying the OS. Simply reinstalling Apache may not fix anything.
  You might try using Pacifist to extract Apache from the Leopard DVD, but Apache is so tightly wrapped into the system that this might not work.

• Apache authentication using .htaccess not working??

  I have added the following to my httpd.conf file:
  <Directory "/Library/WebServer/Documents/secret">
  Options FollowSymLinks
  AllowOverride None
  </Directory>
  Then I created an .htaccess file in /Library/WebServer/Documents/secret with the following contents:
  AuthName "Private area - server owner only. Hit Cancel."
  AuthType Basic
  AuthUserFile /Library/WebServer/.htpasswd
  require valid-user
  Then in Terminal I entered the following:
  htpasswd -c /Library/WebServer/.htpasswd s1lly
  New password: rabb1t
  Re-type new password: rabb1t
  Adding password for user s1lly
  Thn I stopped and re-started Apache using the OS X Server Admin apps. Now when I go to http://localhost/secret in my browser, it asks me for a username & password. I enter s1lly and rabb1t, but all it tells me is:
  "Forbidden
  You don't have permission to access /secret/ on this server.
  Apache/1.3.33 Server at localhost Port 80"
  What am I doing wrong? Before I added the .htaccess file and changed the httpd.conf, everything worked properly, so I know the URLs are correct. All files are set to be world-readable.
  Changing the .htaccess line from require valid-user to require user s1lly didn't help either.
  Thanks,
  Mike
  G4 MDD 1.25 GHz   Mac OS X (10.4.9)   Running OS X Server 10.4.9
  iBook 700mHz   Mac OS X (10.3.9)  

  Mike--
  I have added the following to my httpd.conf file:
  <Directory "/Library/WebServer/Documents/secret">
  Options FollowSymLinks
  AllowOverride None
  </Directory>
  Shouldn't that be AllowOverride AuthConfig? With it set to "None", Apache shouldn't be looking at the .htaccess file at all.
  charlie

• Apache Authentication mod_auth_apple (client)

  Hi,
  I'm trying to setup my apache with "AuthType Basic", using the local account / users.
  Guess this is only possible by using the appleauthmodule (libexec/apache2/modauthapple.so).
  Seems that this module isn't available in the non server version of 10.5
  So, what's my options?
  Read in old dev-mailing lists that the source for modauthapple is available but can't find it...

  I have the same problem like you??? You already know the solution?

• Notice about Apache in Leopard

  have clean Leo OS (10.5.1, not upgraded from Tiger)...
  enabled web sharing, modifed httpd.conf little bit:
  Listen 127.0.0.1:80
  it's needed for myself only...
  server works perfectly:
  Apache Server Status for localhost
  Server Version: Apache/2.2.6 (Unix) PHP/5.2.4 mod_ssl/2.2.6 OpenSSL/0.9.7l
  Server Built: Sep 23 2007 18:07:19
  Current Time: Wednesday, 16-Jan-2008 14:38:17 NOVT
  Restart Time: Wednesday, 16-Jan-2008 14:31:41 NOVT
  from server-status page
  but there are many trash in system log file:
  an 16 14:38:19 ontario com.apple.launchd[108] (org.apache.httpd): Throttling respawn: Will start in 10 seconds
  Jan 16 14:38:29 ontario org.apache.httpd[10347]: (13)Permission denied: make_sock: could not bind to address 127.0.0.1:80
  Jan 16 14:38:29 ontario org.apache.httpd[10347]: no listening sockets available, shutting down
  Jan 16 14:38:29 ontario org.apache.httpd[10347]: Unable to open logs
  Jan 16 14:38:29 ontario com.apple.launchd[108] (org.apache.httpd[10347]): Exited with exit code: 1
  Jan 16 14:38:29 ontario com.apple.launchd[108] (org.apache.httpd): Throttling respawn: Will start in 10 seconds
  Jan 16 14:38:39 ontario org.apache.httpd[10348]: (13)Permission denied: make_sock: could not bind to address 127.0.0.1:80
  Jan 16 14:38:39 ontario org.apache.httpd[10348]: no listening sockets available, shutting down
  Jan 16 14:38:39 ontario org.apache.httpd[10348]: Unable to open logs
  Jan 16 14:38:39 ontario com.apple.launchd[108] (org.apache.httpd[10348]): Exited with exit code: 1
  Jan 16 14:38:39 ontario com.apple.launchd[108] (org.apache.httpd): Throttling respawn: Will start in 10 seconds
  everything is ok with netstat:
  ctive Internet connections (including servers)
  Proto Recv-Q Send-Q Local Address Foreign Address (state)
  tcp4 0 0 127.0.0.1.80 . LISTEN

  My Apache has been highly customized, with several virtual hosts, but I was getting the same errors in the console that this thread mentions. So I hope my solution helps some of you.
  First, make sure your main (default) error log exists and can be written to. Open the Terminal, and enter:
  sudo mkdir /private/var/log/apache2
  This may return telling you that it's already there. It should ask for your password before trying. Next, make sure the error_log exists:
  sudo touch /private/var/log/apache2/error_log
  My gotcha was that I'm using an Apache compiled from MacPorts, and so my default error_log wasn't in that location. I found it (and all other possible logs) with this command:
  locate error_log
  It should give you a list of files that have "error_log" in their name. One of them should be getting written to every time the console reports that message "Exited with exit code: 1", so you may need to "ls -l" on a few of the directories to find out which one has recently changed. To find out what the error is that is stopping Apache from launching, enter:
  tail /private/var/log/apache2/error_log
  Use the path of the error_log that has recently changed. For example, mine was:
  tail /opt/local/apache2/logs/error_log
  This command reported:
  (2)No such file or directory: httpd: could not open error log file /Users/bcurtis/Sites/bivia.com/newdev/log/errors.development.log.
  Unable to open logs
  This was a log that one of the virtual hosts wanted to write to, related to a Ruby on Rails config, which might explain why not everyone is having this problem. I just had to create the directory /Users/bcurtis/Sites/bivia.com/newdev/log/ in the Finder, and Apache started up just fine.
  Hope this helps someone!
  +Ben

• Apache authentication using Oracle dB

  I'm a newbie trying to find out how do u set up apache to look at tables in an oracle db to get username, password, and group. I've seen mod_auth_mysql, and other mofules, but I haven't been able to find a module that works with oracle. I'm not sure but should I use the mod_auth_external ? Thanks for your help.

  Thanks for the links.
  So the ADF security is built on OPSS which in turn uses the Weblogic Server.
  So does that mean that say i wanted to make up some pages that were integrated into an already existing CRM system (EBS R12) that i'd also need to install/setup Weblogic server on the existing EBS server? Couldn't i just use the existing Application Server? Or would Weblogic server already be on as standard?
  Sorry if they are daft questions.
  I can see that the ADF security can have user and groups setup. However what i wanted to avoid is users having to login twice to two different systems. What i want is that users can be using the CRM system and click a button which fires up a custom jsp or similiar page (which is seemless to the users cause its still part of the CRM application) which pulls data from another source for instance. But when they do this i want the implemenation to make sure they are currently logged in correctly to the CRM system. Does that make sense?

• Apache authentication solution

  Greetings,
  I'm setting up a couple of apache virtual hosts on my arch server.
  www.mydomain.com - web page
  wiki.mydomain.com - wiki
  media.mydomain.com - image repository
  The information on these hosts are only intended for my family and a couple of relatives.
  Can someone help me to choose a good security implementation?
  - Fast and simple login procedure
  - A non-tech person should be able to login to the site
  - You should be able to login once and then be able to access all the hosts

  A normal .htaccess file will do all apart from the Single Sign On (SSO) part. That will be harder.
  Of course, if you can identify "family and friends" by IP Address, then it's a lot simpler.
  What about running Apache on an alternative port (say 22280)? It's Security-by-Obscurity which isn't really security, but Security is a compromise of Ease-of-use, and vice-versa.
  Last edited by fukawi2 (2010-12-21 23:03:34)

• How to configure apache to avoid risks while hosting your domain

  Hi all
  I am trying to host my personal site on my machine, and after configuring the personal web i am able to see the apache page when i go to my ip address (the real one, not the one from my router).
  Now, i have little experience with apache on pc, and i remember that there was a bunch of files to set up authentication, users allowed to log in into your site, restrictions to avoid that some guy will sneak on the machine and get out of the web folder....etc.
  Can someone please point me to the right info about how to configure apache on Leopard to avoid unwanted risks while simply hosting a site and a wiki?
  Thanks!

  Leopard client only has a User Interface to turn web sharing on or off. If you want to modify apache you have to do via the command line in the terminal client.
  Out of the box Leopard is configured so that only your sites folder is accessible. and the systemwide webfolder located at /Library/WebServer/Documents
  so if you want your sites folder to be accessible and not the main webserver folder can rename that folder to Documents.bak for example.

• Leopard client login problem (Tiger server)... why can't I authenticate?

  I look after a number of Macs and PCs at my company. Most Macs are running the latest version of Tiger but the newest machine came with Leopard. All users log into network accounts on our Xserve, running OSX Server (Tiger). However, the Leopard client machine refuses to log in to any network account, including the one I set up specifically for the machine's user, shaking its login window at me.
  Users connect using Open Directory Master on the server and none of the Tiger clients have ever had problems logging in.
  On the troublesome client machine, I have bound to the server correctly in Directory Utility which declares that the server is responding normally. At the login screen I get a green light and "Network Accounts Available" when I click through the options above the user name field so I know the machine can see the server.
  I can successfully log in to a local account and subsequently mount the server volumes using the new name and password I've set up for the user.
  What have I missed?
  So far, in my attempts to resolve this I have done the following:
  Removed the password from the new account;
  Unbound from the server, changed the short name of the computer, re-bound to the server;
  Tried logging in to other accounts known to be working;
  In WGM checked that the NFSHomeDirectory entry shows the complete path for the user's home directory;
  Trawled through endless forums for clues.
  Kerberos is not running. Does it need to be for authenticating Leopard users?
  Is there an issue with clear text passwords in Leopard? Seemingly eliminated through a no-password test account.
  I'm sure that I logged in successfully once after setting up the machine but, after installing Leopard updates, logging in has consistently failed.
  Anyone else having similar problems? Better yet, anyone have any answers?

  No need to apologize. I learned the same way you are...
  I think you may end up re-binding the 10.4 clients if you kerberize the server.
  You may want to go to the server forum for folks with more definitive annswers.
  http://discussions.apple.com/category.jspa?categoryID=96
  In any case, make sure you have a reliable backup before you do anything.
  Jeff
  Message was edited by: Jeff Kelleher

• Mac OS X Leopard and PHP

  Posted in both the Dreamweaver and Dreamweaver Application
  Development
  forums.
  Mac OS X 10.5 (Leopard) uses Apache 2.2.6. This is NOT
  compatible with
  the Mac PHP package recommended in all my books. Marc
  Liyanage
  (www.entropy.ch/home) is aware of the problem, but there is
  no ETA for
  an update.
  If you have upgraded to Leopard and want to develop PHP pages
  on your
  Mac, you might want to try MAMP (www.mamp.info/en/mamp.html)
  instead. I
  haven't tested it myself yet, but it has a very good
  reputation.
  David Powers, Adobe Community Expert
  Author, "The Essential Guide to Dreamweaver CS3" (friends of
  ED)
  Author, "PHP Solutions" (friends of ED)
  http://foundationphp.com/

  For non nerds or starters like me:
  To enable PHP and Apache in Leopard:
  Apache is simple, go to the sharing panel in system
  preferences, and enable “Web Sharing”.
  PHP requires he use of Terminal (or a BBEdit/Textwrangler if
  you prefer).
  First check you have enabled Root in Leopard.
  If not here’s how:
  1. Open the Directory Utility: In the Finder, navigate to
  the Utilities folder (tip: click on the desktop, hit Cmd+Shift+U).
  2. Click on the padlock to allow edits.
  3. Go Edit > Enable Root Password
  4. Enter and re-enter your password.
  Now, you are set to access protected areas of the system via
  the terminal. Probably a good idea to back up any file before you
  modify it, just in case.
  Back to terminal...
  when you first start terminal it will show your Admin name
  followed by a colon,
  eg johnsmith:
  type “su” the press enter
  terminal will the ask for a password,
  type in your “password” and press enter.
  Note your password doesn’t appear on the screen.
  You have two files to alter briefly.
  First file:
  Type: sudo pico /private/etc/apache2/httpd.conf
  and press enter (note the space after sudo and pico).
  This opens the file: htpd.conf a hidden file.
  Now if you haven’t used this before (I hadn’t and
  learned on the job), the navigation symbols at the screen bottom
  with an inverted “v” and a letter , mean to press
  control and the letter, for example “control X” to
  exit.
  You need to alter 3 lines of code:
  1....Use the arrow keys to move down the page...first find a
  group of coded lines that start with:
  LoadModule (there are many lines)..
  near the end you’ll find a line:
  #LoadModule php5_module modules/libphp5.so
  you need to remove the “#” to uncomment and make
  it active. Position the cursor to the right of the hash and press
  delete.
  2....Next find a line starting with
  “DirectoryIndex” it probably looks like:
  DirectoryIndex index.html
  Alter it to this:
  DirectoryIndex index.html index.html.var index.php
  3....Next find a group of lines that have “ AddType
  application/x ........”
  I seem to remember there were 2 lines like that,
  add a line straight after like this:
  AddType application/x-httpd-php .php ( note the space between
  php and .php)
  To save your file press “control X” to exit, and
  “Y” (yes) to save. It then asks if you want to save as
  a name/different, I just pressed enter to accept the default name.
  I went back to check all had been saved by re-opening the
  file.
  Second File:
  Type: sudo pico /private/etc/php.ini.default
  You only need to alter one line n this file.
  Look for a series of lines beginning with a semi-colon like
  this:
  ;error_reporting = etc etc etc
  Find a line below without a semi colon like this:
  error_reporting = E_ALL & -E_NOTICE
  then edit out all after “E_ALL” so it looks like
  this:
  error_reporting = E_ALL
  Save you work as before.
  You can now test PHP works quickly by starting TextEdit and
  type in:
  <?php
  phpinfo();
  ?>
  Save the file as “test.php” to your root web
  directory
  on my Mac is” Macintosh HD/Library/WebServer/Documents
  (Actually I also saved it to just the WebServer folder).
  Start up your browser and enter a URL:
  http://localhost/test.php
  If all has been done as above you’ll get a ful listing
  of php stuff you probably don’t need to know!

• Possible to disable authentication by WL server?

  Hi!
  I am using WL server 8.1 SP 6 on linux enterprise 7.3. I have Apache installed in another linux server to provide user authentication before sending the request to WL server. Previously I was running WL server 8.1 SP 4 and I do not have problems. After switching to SP 6, I keep getting password challenge from the WL server. It seems that in SP 6, the BASIC authentication is 'working' and is obtaining the user information from the HTTP header to check against its own user list for permissions. If I create the user account in WL server, I have no problems accessing the pages but I do not want to maintain a user list in WL server. I am accessing the webpages hosted through a proxy server and have followed the steps in http://edocs.bea.com/wls/docs61/adminguide/apache.html. Any way I can bypass or disable WL server's authentication, depending only on Apache authentication?

  Hi!
  Thanks Raja for the reply. I am not protecting anything in WL env. The settings were not modified after creation of the domain using the configuration manager. When compared against the settings for my SP 4 version, they are similiar other than those few new options that came with SP 5 and 6. My problem happens when I want to access any web page. When I try to log in more than 5 times, WL console will give an error code BEA-090078 (Notice: User xyz in security realm myrealm has had 5 attempts, locking account for 30 minutes) and subsequent tries will produce an error code BEA-090403 (Critical: Authentication for user xyz denied).
  Regards,
  Adrian