That didn't work; it still allows any user to go to the site without
any userid/password prompt. Is there anything else I can try?
Thanks,
Jim
Holger Reif wrote:
>
> Remove +FakeBasicAuth option.
> YOu can't use Basic Authentication and sinmple cert based client
> authentication (what +FakeBasicAuth does) together since the
> latter overrides the former mechanism.
>
> Jim Tay schrieb:
> >
> > Hi,
> >
> > I have mod_ssl-2.3.5.-1.3.6 running on apache-1.3.6 with openSSL-0.9.3a
> > (all the latest stuff as far as I'm aware) running on RedHat 5.2
> >
> > I have a discussion board that I'm trying to enable user-authentication
> > on, but I can't seem to get my SSL-enabled web site to recognize my
> > .htaccess files. I have created the same discussion site with the same
> > .htaccess files in a non-SSL part of my web site and it works; a popup
> > window prompts the user for name and password when they try to access
> > the discussion board. When I access the discussion board on the
> > SSL-enabled site, it just goes straight into the site without the popup
> > appearing.
> >
> > Here's my .htaccess file:
> > --------------
> > AuthUserFile /home/.htpasswd
> > AuthGroupFile /home/.htgroup
> > AuthName "Restricted Forum"
> > AuthType Basic
> > require group it-team
> > --------------
> >
> > Here's my httpd.conf file (only the uncommented SSL stuff):
> > --------------
> > <IfDefine SSL>
> > <VirtualHost _default_:443>
> >
> > SSLEngine on
> > SSLCertificateFile /etc/httpd/conf/ssl.crt/ursa.cer
> > SSLCertificateKeyFile /etc/httpd/conf/ssl.key/ursa.key
> >
> > SSLOptions +FakeBasicAuth
> >
> > SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
> > CustomLog /etc/httpd/logs/ssl_request_log \
> > "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
> >
> > </VirtualHost>
> >
> > </IfDefine>
> > --------------
> >
> > I thought using the FakeBasicAuth option would do it, but it's not
> > working. Do I need to use the SSLRequire directive? It seemed too
> > complicated for a newbie like me to tackle.
> >
> > I've looked through the manual and searched the mailing list but I
> > haven't been able to find a solution that works for me. Do you have any
> > ideas?
> >
> > Thanks!
> > Jim Tay
> > ______________________________________________________________________
> > Apache Interface to OpenSSL (mod_ssl) www.modssl.org
> > User Support Mailing List [EMAIL PROTECTED]
> > Automated List Manager [EMAIL PROTECTED]
>
> --
> Holger Reif Tel.: +49 361 74707-0
> SmartRing GmbH Fax.: +49 361 7470720
> Europaplatz 5 [EMAIL PROTECTED]
> D-99091 Erfurt WWW.SmartRing.de
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl) www.modssl.org
> User Support Mailing List [EMAIL PROTECTED]
> Automated List Manager [EMAIL PROTECTED]
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
