Password protect directory with Apache: "couldn't check user. Check your authn provider!"

Question

I am trying to password protect a web directory with apache. I have the site set up like this:

D:/
   webapp/
      lib/
         .htpasswd
   document_root/
      admin/
         index.php
         .htaccess

The .htaccess has:

AuthName "Authorization Required" 
AuthType Basic 
AuthUserFile D:\webapp\lib\.htpasswd
require valid-user

And the .htpasswd has:

user:passworddigest

When I try to access localhost/index.php in the browser I get a 500 error. The apache error log has this:

["date"] [crit] [client "ip"] configuration error:  couldn't check user.  Check your authn provider!: /admin/

I have googled but I can't figure out what this error means in the context of my server. Anyone know what's up? Also, it would solve my problem if someone had a simple method of using apache for authenticating a web directory on a windows server.

Can the apache server (and the user it's running under) read D:\webapp\lib\.htpasswd? — EightBitTony, Jun 19 '11 at 19:11
Do any of these answers answer your question? (If so, please mark it as such ^_^) — lmat - Reinstate Monica, Jun 19 '15 at 12:48

score 1 · Answer 1 · answered Jun 19 '11 at 20:47

1

If it is not a permissions problem like Jim B suggested above (I also suspect that) you might not have loaded the authn module in Apache - mod_authn. I do not know how to do that in Windows but I am pretty sure if you google around you will find out how it's done.

answered Jun 19 '11 at 20:47

danakim

410
2
8

Doesn't seem like a permissions problem, but I'll look into this. Thanks. – Explosion Pills Jun 19 '11 at 22:27

score 0 · Answer 2 · answered Jun 21 '11 at 04:30

I think you have wrong auth-type (AuthType Basic) in your .htaccess, looking at your .htpasswd it tells me that the password is setup by htdigest & not htpasswd (correct me if I am wrong) and hence the configuration error.

To solve this, try the following .htaccess info & the problem should go away:

AuthName "Authorization Required" 
AuthType Digest
AuthUserFile D:\webapp\lib\.htpasswd
require valid-user

But I would suggest you to use the above method, since the password is transmitted inMD5 Digestin the network whereasAuthType Basic` transfer the password in a clean text.

But, if you insist to have AuthType Basic then, try the following .htaccess:

AuthName "Authorization Required" 
AuthType Basic
AuthUserFile D:\webapp\lib\.htpasswd
require valid-user

& create the htpassword from following link:

http://www.htaccesstools.com/htpasswd-generator/

and update your .htpasswd file.

Thanks for the suggestion. I'll give it a try but I don't think this is the problem since I'm getting a 500 instead of just a bad password. — Explosion Pills, Jun 21 '11 at 13:20

pkout · Answer 3 · 2013-03-25T20:24:35.743

0

I haven't done this on Windows, but try to enable the auth_digest module in your httpd.conf file by uncommenting this line in it, if it's commented out. I know it's disabled by default:

LoadModule auth_digest_module modules/mod_auth_digest.so

edited Mar 25 '13 at 20:24

answered Mar 25 '13 at 18:17

pkout

195
2
8

Oh, I didn't notice that. Okay, then I would go to the httpd.conf file and try to find a line with this and uncomment it if it's commented out: LoadModule auth_digest_module modules/mod_auth_digest.so. Not sure as I run on Linux, but in theory this should work. – pkout Mar 25 '13 at 20:19

Password protect directory with Apache: "couldn't check user. Check your authn provider!"

3 Answers3