LuKreme wrote:
any file named .ht* is never served by apache, and there's really nowhere else
to place the .htdavpass file.
What do you mean there is nowhere else ?
What about under /usr/local/www, and name it example.com.davpasswd for
instance. At least it would not be directly under your DocumentRoot, in
an area potentially accessible by users.
Apache will never serve a file starting with a dot, maybe.
But since you have the / locations open to DAV, have you checked if
someone (authenticated) can upload a file called .htdavpass ?
Or download it through DAV ?
(I don't know the answer, but it might be interesting)
Now about the rest :
...
The .htdavpass file for the second domain contains the user jeans and a
password and was setup with the command
htpasswd -bc /usr/local/www/jenandersontarver.com/.htdavpass jeans
<PASSWORD>
but then :
<location />
...
AuthUserFile /usr/local/www/example.net/.htdavpass
So it is not really surprising if user jeans cannot acces a site for
which the password file is not the same as the one user jeans' password
was created in, is it ?
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [email protected]
" from the digest: [email protected]
For additional commands, e-mail: [email protected]
