Trying to password protect a directory with Apache on Centos but it's not working. :(

I used cPanel to create the user/pass details, which exist at:
/home/user/.htpasswds/my-secret-dir/passwd

I then had to manually create /home/user/my-secret-dir/.htaccess which looks like this:

AuthType Basic
AuthName "My Secret Directory"
AuthUserFile "/home/user/.htpasswds/my-secret-dir/passwd"
require valid-user

But now it just keeps prompting for the login details, even when I'm definitely entering the correct ones.

I've got a working password protected directory for another domain on the same server, created about a year ago, and that all works fine still.

Any ideas what's up and how to fix?

Is there a reason why you're creating the .htaccess file manually? I hate cPanel, I really do, but it should be able to do that for you. I can't remember how, but it seemed reasonably obvious back when we had it here when we were on EuroVPS.

But anyway, tail / view the Apache error.log, it will tell you what's wrong and whether or not it's an authentication failure or if it can't find or read the passwd file. If Apache can't find or read the passwd file, it will still ask for authentication which can be confusing.

Yeah, it didn't create the .htaccess file for me, so I did it manually. No idea if that was related to this problem, or a separate quirk.

And I feel foolish - my response to questions like this is usually "check the logs" :(

[Sat Oct 15 17:29:15 2011] [error] [client X] (13)Permission denied: Could not open password file: /home/user/.htpasswds/my-secret-dir/passwd
[Sat Oct 15 17:29:15 2011] [error] [client X] user wibble not found: /secret-path/index.html

The .htpasswds directory wasn't letting Apache in - I fixed that and it now works.

Thanks. :)

Wouldn't be surprised if it was related to the same permission issue. I'm betting your home / web dir permissions exclude the user cPanel runs as that's why it didn't create the .htpasswd file.

I know cPanel runs it's own separate installation of Apache but I can't remember if it runs as the same Apache user or as a "cpanel" user. I would imagine the latter as it seems silly to run as the normal Apache user as it would have to have special permissions to allow user creation and such like.

Yeah, makes sense. I think the permissions for that user/domain got a bit screwed up a while back - most of them are owned by user:user, except where they've been explicitly fixed.

And yes, there are distinct apache and cpanel users.


...oh, and I just found this reply sitting here unposted. :S No idea if I was going to write anything else in it. Oh well.

I just had an odd situation - the directory had stopped letting people in.

Turned out the /home/user/.htpasswds directory had disappeared (thus the passwd file wasn't loaded and user was unrecognised).

After poking around, I found it at /home/user/.neomail/.htpasswds - no idea how it got inside there. :?