Apache Authentication

We recently set up an Open Directory server on OSX 10.4 and we're having issues getting our GNU/Linux Apache 2.0 web server to authenticate against it. Here is the section in our httpd.conf:
LoadModule ldap_module modules/mod_ldap.so
LoadModule auth_ldap_module modules/mod_auth_ldap.so
<Directory "/www/docs/public/ldaptest">
Options Indexes FollowSymLinks
AllowOverride None
order allow,deny
allow from all
AuthLDAPEnabled on
AuthType Basic
AuthName "OD LDAP Test"
AuthLDAPURL "ldap://ldaphost:389/dc=ldaphost,dc=ucsd,dc=edu"
Require valid-user
</Directory>
I've looked at both the apache2 logs and the OD logs on the OSX server but it's not showing anything useful. This same configuration works with a generic OpenLDAP server without any problems. Do I need to use a special module (modappleauth?) or is there some configuration switch I need to change?
We'd also like to have the ability to authenticate via group using the require group directive.
Additionally is there any way to authenticate a SunOne web server to OD?
Thank you.

After looking at the Apache logs I came across this:
auth_ldap authenticate: user ldaptest authentication failed; URI /ldaptest/ [LDAP: ldap_simple_bind_s() failed][Invalid credentials]
Which looks like the OSX server isn't allowing anonymous binds for some reason. Even though I can do a normal ldapsearch and get results without any problems.
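
As documented for mod_auth_ldap, the module first searches the directory with a filter built from AuthLDAPURL (`ldap://host:port/basedn?attribute?scope?filter`) and the login name, then binds as the DN it found. The Python sketch below is an added example, not part of the original post and not Apache's code: it derives that search from the URL posted above so the same query can be repeated by hand; `user_search` and `ldapsearch_command` are names made up for this illustration.

```python
# Added example (not Apache's code): reconstruct the user search that the
# mod_auth_ldap documentation describes for a given AuthLDAPURL.
import shlex
from urllib.parse import urlsplit, unquote

DEFAULT_PORTS = {"ldap": 389, "ldaps": 636}


def escape_filter_value(value):
    """Escape a login name for use inside an LDAP filter (RFC 4515)."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)


def user_search(auth_ldap_url, username):
    """Return the search implied by ldap://host:port/basedn?attribute?scope?filter."""
    parts = urlsplit(auth_ldap_url)
    if parts.scheme not in DEFAULT_PORTS or not parts.hostname:
        raise ValueError("not an LDAP URL: %r" % auth_ldap_url)
    # Everything after the first '?' is attribute?scope?filter; pad missing fields.
    attr, scope, flt = (parts.query.split("?", 2) + ["", "", ""])[:3]
    # Documented defaults: attribute uid, scope sub, filter (objectClass=*).
    attr = unquote(attr).split(",")[0].strip() or "uid"  # only the first attribute is used
    scope = unquote(scope).strip().lower() or "sub"
    if scope not in ("sub", "one"):
        raise ValueError("scope must be 'sub' or 'one', got %r" % scope)
    flt = unquote(flt).strip() or "(objectClass=*)"
    if not flt.startswith("("):
        flt = "(%s)" % flt
    port = parts.port or DEFAULT_PORTS[parts.scheme]
    return {
        "uri": "%s://%s:%d" % (parts.scheme, parts.hostname, port),
        "base": unquote(parts.path.lstrip("/")),
        "scope": scope,
        # The user filter is ANDed with the configured filter.
        "filter": "(&%s(%s=%s))" % (flt, attr, escape_filter_value(username)),
    }


def ldapsearch_command(search, bind_dn=None):
    """Build an OpenLDAP ldapsearch command line for the same query.

    Without bind_dn the search is anonymous (-x only); with it, ldapsearch
    binds as that DN and prompts for the password (-D ... -W).
    """
    argv = ["ldapsearch", "-x", "-H", search["uri"],
            "-b", search["base"], "-s", search["scope"]]
    if bind_dn:
        argv += ["-D", bind_dn, "-W"]
    argv += [search["filter"], "dn"]
    return shlex.join(argv)


if __name__ == "__main__":
    # URL and user name as posted above.
    posted = "ldap://ldaphost:389/dc=ldaphost,dc=ucsd,dc=edu"
    print(ldapsearch_command(user_search(posted, "ldaptest")))
```

When AuthLDAPBindDN is not set the module searches with an anonymous bind, so running the printed command without `-D` shows whether the directory returns exactly one entry for the user under that condition.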

Similar Messages

  • Apache, authentication required, key not working

    I'm trying to set up my PC with Apache Server. If i try to access it from my laptop in our home, it serves on 192.168.1.102 I went to no-ip.biz because we have a dynamic IP here. when i try to remotely access the server, i get a screen that says: Authentication required Enter username and password for "linksys BEFW11S4 V.2" at http://XXXXXX.no-ip.biz (xxx being my subdomain i requested) the screen will not accept any 'admin' or the network key i use. Any advice?

    Hi
    You should use port forwarding and forward your apache port (usually 80) to the ip address of the machine that has Apache installed
    Hope this works
    Cheers

  • Apache authentication & Leopard

    i have an apache site running on my G5. i had password authentication working fine under Panther and Tiger. just upgraded to Leopard and it seems not to be working. it's as though none of the httpd.conf edits (that i see are still there) are not taking effect OR something changed with Apache in Leopard -- or the like.
    the httpd.conf customizations that have worked for quite some time are:
    Order deny,allow
    Deny from all
    Allow from 127.0.0.1
    AuthName "By Invitation Only"
    AuthType Basic
    AuthUserFile /Library/WebServer/.htpasswd
    Require valid-user
    Satisfy Any
    and they are still in what i believe to be the active httpd.conf file. additionally, the .htpasswd file is also located in the right place and is intact after the upgrade.
    it's not as though the site is inaccessible. access to my site from the outside world is just swell... just no authentication before providing access.
    any ideas of why the password authentication would just not work??
    thanks!!

    That was exactly it!
    I am grateful and so glad I decided to put the question to the forums. I stared and poked at it for more than an hour. I'm not an expert by far, so I was "double checking" myself in circles at 2AM. Thanks SO much for the dot connection.
    Any idea where I can read more about the Leopard specific Apache install???
    Separately, it was funny because it still took me a while to find the issue. Even when I found my way to /etc/apache2, when i then invoked bbedit httpd.conf from within that directory, it opened up the old one -- or rather the one I was already familiar with in /etc/httpd. I eventually had to have bbedit 'open hidden' to get to the proper new one.
    Anyway, thanks for the info!
    David

  • Apache authentication via mod_auth_mysql

    Hi to all.. has anybody ever tried to configure Apache protected directories
    via mod_auth_mysql ?
    my result is an error NSURLErrorDomain:-1005 after filling the fields with username and password...
    Is there anybody who tried this authentication method?
    I use standard Apache that comes with macosx 10.4.3..
    thank you

    I have the same problem like you??? You already know the solution?

  • Apache authentication using .htaccess not working??

    I have added the following to my httpd.conf file:
    <Directory "/Library/WebServer/Documents/secret">
    Options FollowSymLinks
    AllowOverride None
    </Directory>
    Then I created an .htaccess file in /Library/WebServer/Documents/secret with the following contents:
    AuthName "Private area - server owner only. Hit Cancel."
    AuthType Basic
    AuthUserFile /Library/WebServer/.htpasswd
    require valid-user
    Then in Terminal I entered the following:
    htpasswd -c /Library/WebServer/.htpasswd s1lly
    New password: rabb1t
    Re-type new password: rabb1t
    Adding password for user s1lly
    Then I stopped and re-started Apache using the OS X Server Admin apps. Now when I go to http://localhost/secret in my browser, it asks me for a username & password. I enter s1lly and rabb1t, but all it tells me is:
    "Forbidden
    You don't have permission to access /secret/ on this server.
    Apache/1.3.33 Server at localhost Port 80"
    What am I doing wrong? Before I added the .htaccess file and changed the httpd.conf, everything worked properly, so I know the URLs are correct. All files are set to be world-readable.
    Changing the .htaccess line from require valid-user to require user s1lly didn't help either.
    Thanks,
    Mike
    G4 MDD 1.25 GHz   Mac OS X (10.4.9)   Running OS X Server 10.4.9
    iBook 700mHz   Mac OS X (10.3.9)  

    Mike--
    I have added the following to my httpd.conf file:
    <Directory "/Library/WebServer/Documents/secret">
    Options FollowSymLinks
    AllowOverride None
    </Directory>
    Shouldn't that be AllowOverride AuthConfig? With it set to "None", Apache shouldn't be looking at the .htaccess file at all.
    charlie
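
The check charlie describes can be automated. The Python sketch below is an added example, not code from the thread: it reads the `<Directory>` sections of an httpd.conf, finds the AllowOverride that applies to a directory, and reports whether the authentication directives in that directory's .htaccess are honoured, ignored (AllowOverride None, the file is not read) or rejected with a server error (some other override class without AuthConfig). The function names are made up, only literal `<Directory>` paths are handled (no wildcards or DirectoryMatch), and the sample text is the configuration posted above.

```python
# Added example: does AllowOverride let .htaccess authentication take effect?
import re
from pathlib import PurePosixPath

# Authentication directives that need "AllowOverride AuthConfig" (or All).
AUTH_DIRECTIVES = {"authname", "authtype", "authuserfile", "authgroupfile", "require"}

SECTION_RE = re.compile(r'<Directory\s+"?([^">]+)"?\s*>(.*?)</Directory>', re.I | re.S)
OVERRIDE_RE = re.compile(r'^\s*AllowOverride\s+(.+?)\s*$', re.I | re.M)

# Constructed from the httpd.conf and .htaccess contents posted in the thread.
SAMPLE_CONF = '''
<Directory "/Library/WebServer/Documents/secret">
Options FollowSymLinks
AllowOverride None
</Directory>
'''
SAMPLE_HTACCESS = '''
AuthName "Private area - server owner only. Hit Cancel."
AuthType Basic
AuthUserFile /Library/WebServer/.htpasswd
require valid-user
'''


def allow_override_for(conf_text, directory, default=("All",)):
    """AllowOverride from the most specific <Directory> covering `directory`.

    `default` applies when no section sets it: All up to Apache 2.3.8,
    None from 2.3.9 on.
    """
    target = PurePosixPath(directory)
    best_depth, result = -1, tuple(default)
    for path, body in SECTION_RE.findall(conf_text):
        section = PurePosixPath(path.strip())
        if section != target and section not in target.parents:
            continue
        match = OVERRIDE_RE.search(body)
        depth = len(section.parts)
        if match and depth >= best_depth:  # deeper (or later) section wins
            best_depth, result = depth, tuple(match.group(1).split())
    return result


def htaccess_auth_status(conf_text, directory, htaccess_text, default=("All",)):
    """Return (status, auth directives found in the .htaccess text)."""
    used = []
    for line in htaccess_text.splitlines():
        words = line.split()
        if words and not words[0].startswith("#") and words[0].lower() in AUTH_DIRECTIVES:
            used.append(words[0])
    allowed = {o.lower() for o in allow_override_for(conf_text, directory, default)}
    if not used:
        return "no-auth-directives", used
    if allowed & {"all", "authconfig"}:
        return "honoured", used
    if allowed == {"none"}:
        return "ignored", used      # .htaccess is not read at all
    return "rejected", used         # directive "not allowed here" -> 500


if __name__ == "__main__":
    print(htaccess_auth_status(SAMPLE_CONF, "/Library/WebServer/Documents/secret",
                               SAMPLE_HTACCESS))
```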

  • Apache Authentication mod_auth_apple (client)

    Hi,
    I'm trying to setup my apache with "AuthType Basic", using the local account / users.
    Guess this is only possible by using the apple_auth_module (libexec/apache2/mod_auth_apple.so).
    Seems that this module isn't available in the non server version of 10.5
    So, what are my options?
    Read in old dev-mailing lists that the source for mod_auth_apple is available but can't find it...

    I have the same problem like you??? You already know the solution?

  • Apache authentication using Oracle dB

    I'm a newbie trying to find out how do u set up apache to look at tables in an oracle db to get username, password, and group. I've seen mod_auth_mysql, and other modules, but I haven't been able to find a module that works with oracle. I'm not sure but should I use the mod_auth_external ? Thanks for your help.

    Thanks for the links.
    So the ADF security is built on OPSS which in turn uses the Weblogic Server.
    So does that mean that say i wanted to make up some pages that were integrated into an already existing CRM system (EBS R12) that i'd also need to install/setup Weblogic server on the existing EBS server? Couldn't i just use the existing Application Server? Or would Weblogic server already be on as standard?
    Sorry if they are daft questions.
    I can see that the ADF security can have user and groups setup. However what i wanted to avoid is users having to login twice to two different systems. What i want is that users can be using the CRM system and click a button which fires up a custom jsp or similar page (which is seamless to the users cause its still part of the CRM application) which pulls data from another source for instance. But when they do this i want the implementation to make sure they are currently logged in correctly to the CRM system. Does that make sense?

  • Apache authentication solution

    Greetings,
    I'm setting up a couple of apache virtual hosts on my arch server.
    www.mydomain.com - web page
    wiki.mydomain.com - wiki
    media.mydomain.com - image repository
    The information on these hosts are only intended for my family and a couple of relatives.
    Can someone help me to choose a good security implementation?
    - Fast and simple login procedure
    - A non-tech person should be able to login to the site
    - You should be able to login once and then be able to access all the hosts

    A normal .htaccess file will do all apart from the Single Sign On (SSO) part. That will be harder.
    Of course, if you can identify "family and friends" by IP Address, then it's a lot simpler.
    What about running Apache on an alternative port (say 22280)? It's Security-by-Obscurity which isn't really security, but Security is a compromise of Ease-of-use, and vice-versa.
    Last edited by fukawi2 (2010-12-21 23:03:34)

  • Possible to disable authentication by WL server?

    Hi!
    I am using WL server 8.1 SP 6 on linux enterprise 7.3. I have Apache installed in another linux server to provide user authentication before sending the request to WL server. Previously I was running WL server 8.1 SP 4 and I do not have problems. After switching to SP 6, I keep getting password challenge from the WL server. It seems that in SP 6, the BASIC authentication is 'working' and is obtaining the user information from the HTTP header to check against its own user list for permissions. If I create the user account in WL server, I have no problems accessing the pages but I do not want to maintain a user list in WL server. I am accessing the webpages hosted through a proxy server and have followed the steps in http://edocs.bea.com/wls/docs61/adminguide/apache.html. Any way I can bypass or disable WL server's authentication, depending only on Apache authentication?

    Hi!
    Thanks Raja for the reply. I am not protecting anything in WL env. The settings were not modified after creation of the domain using the configuration manager. When compared against the settings for my SP 4 version, they are similar other than those few new options that came with SP 5 and 6. My problem happens when I want to access any web page. When I try to log in more than 5 times, WL console will give an error code BEA-090078 (Notice: User xyz in security realm myrealm has had 5 attempts, locking account for 30 minutes) and subsequent tries will produce an error code BEA-090403 (Critical: Authentication for user xyz denied).
    Regards,
    Adrian

  • SSL handshake failure

    Hi,
    I have to establish the connection from SAP WebAS to an Apache server via HTTPS.  The Apache authentication is based on client certificates. But I'm still unable to establish a connection. Everything runs fine via HTTPS if client certificate authentication is disabled on Apache (anonymous access). But as soon as client authentication is enabled, the icm log displays the following failure:
    [Thr 1800] *** ERROR during SecudeSSL_Read() from SSL_read()==SSL_ERROR_SSL                                                    
    [Thr 1800]    session uses PSE file "/usr/sap/E3T/DVEBMGS00/sec/SAPSSLC.pse";;                                                   
    [Thr 1800] SecudeSSL_Read: SSL_read() failed --                                                                               
    secude_error 536872195 (0x20000503) = "handshake failure"                                                                    
    [Thr 1800] >> ---------- Begin of Secude-SSL Errorstack ---------- >>                                                          
    [Thr 1800] ERROR in ssl3_read_bytes: (536872195/0x20000503) handshake failure                                                  
    WARNING in ssl3_read_bytes: (536875072/0x20001040) received a fatal SSLv3 handshake failure alert message from the peer        
    [Thr 1800] << ---------- End of Secude-SSL Errorstack ----------                                                               
    [Thr 1800] <<- ERROR: SapSSLRead(sssl_hdl=0x115f8a310)==SSSLERR_SSL_READ                                                       
    [Thr 1800] ->> SapSSLErrorName(rc=-58)                                                                               
    [Thr 1800] <<- SapSSLErrorName()==SSSLERR_SSL_READ                                                                             
    [Thr 1800] *** ERROR => IcmReadFromConn(id=3/1967): SapSSLRead returned (-58): SSSLERR_SSL_READ [icxxthrio_mt 2539]            
    [Thr 1800] *** ERROR => IcmReadFromConn(id=3/1967): read failed (rc = -1) [icxxthrio_mt 2611]                                  
    [Thr 1800] *** ERROR => IcmHandleNetRead(id=3/1967): IcmReadFromConn failed (rc = -1) [icxxthrio_mt 1304]  
    In the Apache logs, it seems that SAP is not sending a client certificate. So Apache closes the connection. Do you have an idea how I can make SAP WebAS send the certificate ?
    Thanks in advance
    Christan

    Hi,
    >Because the third line in your log says that no PSE could be found?
    I'm not sure of that.
    Here is an extract of the log of an ICM starting without a client certificate in STRUST
    [Thr 4392] =  secudessl_Create_SSL_CTX():  PSE "D:\usr\sap\PPI\DVEBMGS74\sec\SAPSSLC.pse" not found,
    [Thr 4392] =      using PSE "D:\usr\sap\PPI\DVEBMGS74\sec\SAPSSLS.pse" as fallback
    [Thr 4392] ******** Warning ********
    [Thr 4392] *** No SSL-client PSE "SAPSSLC.pse" available
    [Thr 4392] ***    this will probably limit SSL-client side connectivity
    [Thr 4392] ********
    [Thr 4392] = Success    SapCryptoLib SSL ready!
    Here is an extract of the log of an ICM starting with a client certificate in STRUST.
    [Thr 9208] =================================================
    [Thr 9208] = SSL Initialization  on  PC with Windows NT
    [Thr 9208] =   (700_REL,Mar 19 2007,mt,ascii,SAP_UC/size_t/void* = 16/64/64)
    [Thr 9208]   SapISSLComposeFilename(): profile param "ssl/ssl_lib" = "I:\usr\sap\DXI\DVEBMGS68\exe\sapcrypto.dll"
               resulting Filename = "I:\usr\sap\DXI\DVEBMGS68\exe\sapcrypto.dll"
    [Thr 9208] =   found SAPCRYPTOLIB  5.5.5C pl17  (Aug 18 2005) MT-safe
    [Thr 9208] =   current UserID: BT0D0000\SAPServiceDXI
    [Thr 9208] =   found SECUDIR environment variable
    [Thr 9208] =   using SECUDIR=I:\usr\sap\DXI\DVEBMGS68\sec
    [Thr 9208] = Success    SapCryptoLib SSL ready!
    Christian,
    Could you restart the ICM and check the trace file to find out if you get the message about a missing SAPSSLC.pse ?
    Regards,
    Olivier

  • Group membership on AD-bound server is not updating correctly

    I have a 10.6.4 server that is bound to AD with Win2008 domain controllers. I am seeing group membership not update properly on this OS X server. If I type "id -p username" I don't get a full list of groups the user is a member of. If I launch Workgroup Manager, all of the groups are listed. I am using the box as a Subversion server and need the group updates to propagate from AD for Apache authentication to work correctly. Any ideas as to why the propagation is not happening? Is there a way I can flush whatever cache might be causing an issue? Can the group membership list be "refreshed"?

    Yes, we are using Initialization Blocks to update the User Groups. Our USER_PERMISSION table has Login, Company_ID, Roles, etc columns in it. The Initialization Block will query on this Table and the query has a where clause in it and the Where clause "where company_id=(select substr(':USER', 0, (instr(':USER', '.')) - 1) from dual) and upper(login)=upper((select substr(':USER', (instr(':USER', '.')) + 1) from dual))) and dw_delete_date is null" from which it will get the roles for each user. And YES, the Caching is turned off for this initialization block.
    And I should try deleting the user folders, but my company has a very strict policy so I should do that in DEv, then QA and in PRD. Hope this works, but I am still not convinced why this is happening. We cannot keep on deleting the user folders in future if this happens again.

  • Apache2.x and Tomcat5.0.x & Session' data

    hi everyone,
    i was just wondering how i can pass user's session data from Apache to Tomcat and vice versa:
    an example:
    im restricting access to a directory secret/* with Apache Authentication on Mysql (AAOM)
    Inside that directory there is a link to one of my servlets
    what i want is to pass the user's data already collected after the log in against AAOM (username, etc ...) to that servlet
    ill be glad for any ideas how i can perform this
    ps im using mod_jk which mean im using tomcat only as a servlet container behind apache since the most data iam serving is a static data
    Thanks in Advance
    YEL

    Hi,
    I believe that this must have been discussed somewhere but as you are saying that you could not get clear answers, please find the answers.
    In 3.x, we had Infopackages loading the data to infoproviders. In the infopackage itself, there was an option which asked you the way to update. i.e. Only to PSA, To PSA and subsequently to infoproviders, To infoproviders only. Thus, PSA was optional.
    In 7.x, PSA are mandatory and Infopackages can load the data only to PSA. DTP loads the data from PSA to infoproviders.
    DTP also provides many new options to us in BI. e.g. You can carry out delta load from PSA to infoprovider.
    Edited by: Rahul K Rai on Sep 6, 2010 3:56 PM

  • Why I am not able to login by ISQL*PLUS?

    Hello any one can help me?
    I installed RHEL.4 with my pentium 3 machine with 512mb of RAM. I installed with 4 partition /,/boot, /oracle and swap partition. Linux is running pretty fine. i installed Oracle 9i release 2 successfully without any error except agent get fail. Now i skipped the DBCA database creation and created manually using OMF. Now I am not able to connect my database by using ISQL*PLUS. can i get help? as well as how to login in iSQL*PLUS as sysdba? should i configure apache individually if yes how to do that?

    Make sure your Apache http server is up and running, this is the entry point to your isqlplus in 9iR2
    apachectl start
    Once started, get access to the regular url to your apache home page:
    http://hostname:ApachePort/isqlplus
    investigate which one is the port used by your http server, Oracle by default sets it to 7777. This can be found at the httpd.conf configuration file.
    On the other hand, in order for you to access as isqlplusdba, this should be enabled at the isqlplus.conf file found at the $ORACLE_HOME/sqlplus/conf directory, you will find both, sqlplus and isqlplus locations declared on the same file, the second one is commented. It is configured so you provide a password by means of the regular apache authentication mechanism, it's up to you if you want to use it or just rely on the sysdba password to gain access to your database.
    ~ Madrid.

  • Block access to xcode bots on http

    I am running Mavericks Server, with the Xcode service turned on.
    I use the server to provide a regular website on port 80, using the Default Site but find that adding /xcode/ to the domain address, I can view my Xcode bots.
    I do not like the idea of anyone having unauthorised access to these.
    How can I turn this off?

    There has to be more to this question that you've asked because the simplest answer is to move the folder out of the DocumentRoot. That way no one can access it.
    However, I suspect what you really want is to restrict access to it, either to certain users, or to certain IP addresses or some such, correct?
    If that's the case the specifics will vary depending on precisely which access controls you want to implement (e.g. username/password, IP address, and so on).
    The official word on Apache authentication can be found at http://httpd.apache.org/docs/1.3/howto/auth.html, but it's a lengthy document. If you can be more specific about what you're trying to do I'm sure someone can post a more specific answer.

  • Solaris 10 onboard Apache 1.3.x authenticating against PAM?

    Hi fellow admins,
    can anyone give me some hints on how to get the Apache 1.3 delivered with Solaris 10 to authenticate against the local unix files (passwd + shadow, via PAM?)
    I've grabbed mod_auth_pam, managed to compile it with some modifications to apxs and the Makefile, and Apache loads the module just fine,
    but no matter how I set up my pam.conf, I always end up with "No account present for user" in my Apache log.
    From googling for this string, I see that other people usually get a user name after "user ", which I don't - suggesting that Apache/mod_auth_pam doesn't pass the user name on to PAM?
    On a side note.. I'm considering to move on to Apache 2.2.x soon anyways - is PAM authentication any easier with that version, or will I face the same problems?
    My main reason for switching from htpasswd to PAM is the automatic account locking after X failed logins - can I get to this goal on a different route without PAM?

    Compiling Apache 1.3 with gcc on linux or unix? If you are using unix, I would be compiling with cc and not gcc. You have gcc set to compile using regular expressions and I believe that has to be specified during SunOS install as posix compliant.


    Yesterday, when about to make a phone call, the screen was black and there was no reaction to any command, including a long press on the power button. I understood the phone was crashed and, as a long timer IT person, I just removed the battery, wait