Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Apache 2.4 "..authentication failure..:Password Mismatch"

Tags:

authentication

apache

.htaccess

.htpasswd

I am running Apache 2.4 in Windows Server 2008 R2. I am attempting to password protect a subdirectory and successfully did so in Apache 2.0. After upgrading I took Apache's advice and am attempting to put the authentication config in httpd.config. I am allowing the reading of the password file and everything appears to be in order, but when I test it I get the following error:

[Mon Apr 01 19:58:36.438476 2013] [auth_basic:error] [pid 3984:tid 788] [client xxx.yyy.254.2:49253] AH01617: user master: authentication failure for "/restricted/file.zip": Password Mismatch

However, I know that I am sending the correct password. See below for my config, any comments are helpful. 

<Directory "C:/www/mydir/restricted">
    #AllowOverride AuthConfig
    #Order allow,deny
    #Allow from all
    AuthType Basic
    AuthName Restricted
    AuthUserFile "C:/www/mydir/passwords/pass"
    Require valid-user
</Directory>  
<Directory "C:/www/mydir">
    Require all granted
</Directory>  
<VirtualHost *:80>
    ServerAdmin [email protected]
    DocumentRoot "C:/www/mydir"
    ServerName "fakeurl.com"
    ErrorLog "C:/www/mydir/logs/error.log"
    CustomLog "C:/www/mydir/logs/accesslog/access.log" common
</VirtualHost>  
<VirtualHost *:80>
    ServerAdmin [email protected]
    DocumentRoot "C:/www/mydir"
    ServerName "www.fakeurl.com"
    ErrorLog "C:/www/mydir/logs/error.log"
    CustomLog "C:/www/mydir/logs/accesslog/access.log" common
</VirtualHost>
like image 332
user1991179 Avatar asked Apr 01 '13 20:04

user1991179

2 Answers

I just had the same issue, was driving me nuts for the last hour. I can confirm that Steve's suggestion to enter the password in the command line works - so in my case "htpasswd -b passwordfile user password" did the trick.

Here is the relevant bug report at Apache.

like image 186
Eddy Avatar answered Sep 21 '22 08:09

Eddy

Did you create your password with 'htpasswd'?

htpasswd in httpd-2.4.4 is broken (https://issues.apache.org/bugzilla/show_bug.cgi?id=54735).

As I understand it, the problem is specific to htpasswd in httpd-2.4.4, and only occurs if you enter the password manually, so you can work around the issue by doing one of:

  • supply the password on the command line (e.g. "htpasswd -b .htpasswd user password");
  • use the version of htpasswd out of httpd-2.4.3;
  • use Digest Authentication instead of Basic Authentication (htdigest isn't affected);
  • wait until httpd-2.4.5 is released;
  • apply the patch in the bug report (which seems to work) and rebuild htpasswd from source.
like image 36
Steve Bennett Avatar answered Sep 18 '22 08:09

Steve Bennett
Sign in to Comment

Related questions

Apache not working after macOS Mojave update
Save file with file_put_contents in folder
apache in xampp won't turn on - after it worked before
How do you configure the Apache server which ships Mac OS X?
htaccess redirect only if domain matches
Remove query strings from 301 redirect
curl command return http/1.1 406 not acceptable error
Adding parameter to HttpPost on Apache's httpclient
How to find out the time apache was last restarted? [closed]
Access emails using imap
Multiple PHP version with Apache on CentOS 7
GWT vs Apache Wicket
How to check if mod_wsgi is installed on a shared Apache server?
How to force rewrite to HTTPS except for a few pages in Apache?
.htaccess basic auth by virtual host?
JRE_HOME variable missing with Tomcat (win7)
mod_rewrite - add www
Setting user agent in Java httpclient and allow redirects to true
Trouble starting tomcatv7 via Eclipse Kepler
Laravel Not loading inner pages in Ubuntu -- Not found with 404

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!