[SOLVED] incredibly lost

[Jago6060]

I'm very new to linux.  I have a project that I'm working on and I'm not entirely sure where to start.  Here is my task.

 

"Using Apache, install a secure (encrypted) using ** Apache's (passworded) WWW server that will only allow Tom and Harry with a password of test to access documents on the server. (Any OS). I suggest open SSL....

 

** PHP or other password scripts are NOT acceptable."

 

I'm doing this on Slackware 11.  I also have Slax Server if anyone thinks it would be easier to do this task on there.  Any help would be greatly appreciated!

[effigy]

Are you new to Unix as well? If so, this may prove a daunting task until your familiarize yourself with the Unix basics.

 

What have you tried? Have you went through the docs?

 

SSL: http://httpd.apache.org/docs/2.2/ssl/

Authentication: http://httpd.apache.org/docs/2.2/howto/auth.html

[Jago6060]

Yes,  I'm actually starting on linux, slackware is the only distro I've used thus far.  I can do basic things like OS setup, partitioning, and I've done packet forwarding in the past but thats about it. I had looked on www.apache.org but I wasn't entirely sure what I needed to be looking for.

[steviewdr]

I think "slapt" is the package manager for slackware.

 

Is apache on the server?

If not -> slapt-get install apache2

To get apache with ssl, you'll have to do something like:

slapt-get install libssl

 

Is htpasswd installed/working? Apache may need to be installed for this tool to be available.

 

-steve

[Jago6060]

I'm using Slackware 11 so apache is already installed and started and has ssl.  htpasswd works

[derwert]

Read this and that should get you going:

http://weavervsworld.com/docs/other/passprotect.html

 

[Jago6060]

thank you so much for that tutorial, it's the best one I've seen.  My next question is how do I go about testing and making sure this works?

 

I put my .htaccess file in my /var/www folder to protect those files and it's sub-directories, and I have my .htpasswd file in /usr/local.

[effigy]

When browsing to that directory, its subdirectories, or files, you should get a pop-up requesting a user name and password.

[Jago6060]

I don't get any popup when I browse with any of the computer's users.  I don't know if it makes a difference but I restarted httpd just in case that was hindering anything.  .htaccess and .htpasswd do not need to be in any specific directory right?  .htaccess just needs to be in the file it's going to protect?

 

here is the contents of my .htaccess file

 

AuthUserFile /usr/local/passwords/.htpasswd
AuthType Basic
AuthName Protected
Require valid-user

 

I have 2 users, Tom and Harry, who are supposed to be the only ones with access to the files is the /var/www folder

[effigy]

.htpasswd, no. The .htaccess file should reside in the directory that it applies to. Also, make sure overrides are allowed.

[Jago6060]

so I just need to add a line that says

 

AllowOverride All

 

Correct?  And does it matter where the line goes in .htaccess?

[effigy]

That goes in the main configuration file (unless it can actually affect .htaccess files in subdirectories--I'm not sure). All is the default, so if you don't have a line limiting the overrides, you don't need it. Double check all your Directory directives to see if they have an AllowOverride line.

[Jago6060]

I have a section in my httpd.conf file that looks like this...

 

<Directory>
     Options FollowSymLinks
     AllowOverride None
</Directory>

 

and there is also just a single line within a <Directory> block that says

 

AllowOverride None

 

do I change both?

[effigy]

I don't think Directory can be empty--do you mean <Directory />? Configuration differences are handled from least-specific to most.