Michael Hekeler <mich...@hekeler.com> writes: > Whats wrong with the manpage? > > [no] authenticate [realm] with htpasswd > Authenticate a remote user for realm by checking the > credentials against the user authentication file htpasswd. > The file name is relative to the chroot and must be > readable by the www user. Use the no authenticate directive > to disable authentication in a location. > Authenticate a remote user for realm by checking the > credentials against the user authentication file htpasswd. > The file name is relative to the chroot and must be readable > by the www user. Use the no authenticate directive to disable > authentication in a location. > > > >> I read it totally differently, that the htpasswd is a location to a >> file and not just a declaration to look for a file in the current dir >> named htpasswd etc. > > The htpasswd IS a file: > location "/*" { authenticate with "/htpasswd" } > > In this example the passwordfile is named "htpasswd" and is in /var/www > (Note that httpd(8) is chrooted by default)
I think he meant possible confusion over whether "htpasswd" is the literal/only name of the file, or a stand-in name for "any file name I choose" e.g. if my password file was named "foo" then the directive would be authenticate [realm] with foo. I could see it being interpreted that way, anyway. Allan