Thanks for the reply. This issue was worked out already thanks to another user
on the misc board. I appreciate the info on the RFC, I never looked that up -
I never even thought to tbh as was just trying to do it from the man page.
Well, who knows - I just read that section of the man page quite differently -
a rewritten version from another guy made me understand it properly. Some man
pages are just confusing and some are clear and simple, with excellent examples
to explain something. Anyway, that is some good info on the realm stuff - I'll
look into that.
Regards.
> Am Sat, 16 Sep 2017 08:35:59 -0400
> schrieb "tec...@protonmail.com" <tec...@protonmail.com>:
>
>> You are a legend. Got it working with that!
>>
>> Thank you so much, saved me a bigger headache!
>>
>> p.s. Still, looking at the man page that really is not obvious where
>> it mentions [realm] and [htpasswd].
>
> Whats wrong with the manpage?
>
> [no] authenticate [realm] with htpasswd
> Authenticate a remote user for realm by checking the
> credentials against the user authentication file htpasswd.
> The file name is relative to the chroot and must be
> readable by the www user. Use the no authenticate directive
> to disable authentication in a location.
> Authenticate a remote user for realm by checking the
> credentials against the user authentication file htpasswd.
> The file name is relative to the chroot and must be readable
> by the www user. Use the no authenticate directive to disable
> authentication in a location.
>
>> I read it totally differently, that the htpasswd is a location to a
>> file and not just a declaration to look for a file in the current dir
>> named htpasswd etc.
>
> The htpasswd IS a file:
> location "/*" { authenticate with "/htpasswd" }
>
> In this example the passwordfile is named "htpasswd" and is in /var/www
> (Note that httpd(8) is chrooted by default)
>
>> I wonder where did "Secure Area" came from too,
>> "realm" is mentioned but I had not a clue what it even was. I still
>> don"t.
>
> From RFC 1945 (HTTP/1.0) and RFC 2617 (HTTP Authentication referenced
> by HTTP/1.1):
> The realm attribute (case-insensitive) is required for all
> authentication schemes which issue a challenge. The realm value
> (case-sensitive), in combination with the canonical root URL of the
> server being accessed, defines the protection space. These realms allow
> the protected resources on a server to be partitioned into a set of
> protection spaces, each with its own authentication scheme and/or
> authorization database. The realm value is a string, generally assigned
> by the origin server, which may have additional semantics specific to
> the authentication scheme.
>
> In short, pages in the same realm should share credentials. If your
> credentials work for a page with the realm "My Realm", it should be
> assumed that the same username and password combination should work for
> another page with the same realm.
>
>> I cannot stand the man page for httpd.conf - so much
>> frustration for me.
>
> If you have concrete questions then ask.
> My experience is that someone on the list will try to help.
> But by now: ... what is your question?
