Apache basic authentication not working

Alan Dayley alandd at consultpros.com
Mon Apr 20 14:56:45 MST 2009 

We are using the ViewVC tool[1] as a web interface for browsing CVS
and Subversion repositories.  Been working wonderfully for a long
time.  Recently we wanted to limit the access to browse the source.
We want to do this with Apache's basic authentication capability.  All
a great plan.

On Red Hat Enterprise Linux 5 the configuration of Apache is
controlled by configuration files in /etc/httpd/conf.d.  Every file in
that directory whose name ends in .conf is read as an Apache
configuration file.  For example, our server has files like
apcupsd.conf perl.conf ssl.conf twiki.conf and so on.  All of them are
read in alphabetical order and "concatenate" to make the Apache
configuration.

The viewvc.conf file is shown below.  The attempt is to require a user
password for all access to ViewVC.  The authentication points at the
user file for Subversion so if you have Subversion access, you have
repository browsing access.  The user file works fine for Subversion
as defined in a separate subversion.conf file.

The painful part is that the configuration does not work.  Navigating
to the ViewVC URL always results in displaying the interface and
information.  Apache never asks for the authentication.  Here is what
I have tried:

- Rename the viewvc.conf file to viewvc.DISABLED, restart Apache, URL
now returns 404 not found, as it should

- Edit viewvc.conf to put an invalid directive in the <Location>
block, restart Apache, Apache fails to start because of a
configuration error.  This proves that the viewvc.conf file is being
read.

- Navigated to the URL using MS Internet Explorer, which I normally
never use.  The page loads normally without asking for a password
proving it is not a browser caching issue with Firefox.

So the file is being read but it is not working at all.  Do any of you
see something obviously wrong with the viewvc.conf contents below?  Do
you have any other things I could try?

---[begin viewvc.conf]---

ScriptAlias /viewvc /var/www/cgi-bin/viewvc.cgi
ScriptAlias /query /var/www/cgi-bin/query.cgi
Alias /viewvc-static /var/www/viewvc

<Directory /var/www/viewvc>
  Order allow,deny
  Allow from all
</Directory>

<Directory /var/www/cgi-bin>
  Order allow,deny
  Allow from all
</Directory>

<Location /viewcvs>
  AuthType Basic
  AuthName "Subversion ID"
  AuthUserFile /etc/svn-auth-file
  Require valid-user
</Location>

<Location /query>
  AuthType Basic
  AuthName "Subversion ID"
  AuthUserFile /etc/svn-auth-file
  Require valid-user
</Location>

---[end viewvc.conf]---

Alan

[1]http://viewvc.tigris.org/servlets/ProjectHome

More information about the PLUG-discuss mailing list