You are here

Reactie toevoegen

Apache2 on Ubuntu 12.04 Basic Auth: password mismatch

The default instructions to have basic http authentication failed on Ubuntu 12.04 Precise Pangolin. The reason seems to be that the htpasswd tool produces MD5 hashes by default, while the default apache2 installation on Ubuntu 12.04 expects SHA1 hashes. The symptoms are that login attempts always result in password mismatch:

[Fri Aug 17 13:45:52 2012] [error] [client] user admin: authentication failure for "/": Password Mismatch, referer: http://localhost/login/

To fix this use the -s option with htpasswd:
htpasswd -s /path/to/htpasswd/file username

For completeness, you need to define your Directory or LocationMatch in the site configuration to be like this:

   <LocationMatch /[^/]+/login>
      AuthType Basic
      AuthName "Trac login"
      AuthUserFile /var/trac/.passwd
      Require valid-user

The command to create the initial user would be:
htpasswd -s -c /var/trac/.passwd admin

Don't forget to make sure only the user www-data (or the user running apache if you don't use the Debian/Ubuntu default) can read the password file:
sudo chown www-data /var/trac/.passwd
sudo chmod 600 /var/trac/.passwd

And to add additional users or change password later on:
htpasswd -s /var/trac/.passwd johnsmith