Password protect directory with Apache: "couldn't check user. Check your authn provider!"

Question

I am trying to password protect a web directory with apache. I have the site set up like this:

D:/
   webapp/
      lib/
         .htpasswd
   document_root/
      admin/
         index.php
         .htaccess

The .htaccess has:

AuthName "Authorization Required" 
AuthType Basic 
AuthUserFile D:\webapp\lib\.htpasswd
require valid-user

And the .htpasswd has:

user:passworddigest

When I try to access localhost/index.php in the browser I get a 500 error. The apache error log has this:

["date"] [crit] [client "ip"] configuration error:  couldn't check user.  Check your authn provider!: /admin/

I have googled but I can't figure out what this error means in the context of my server. Anyone know what's up? Also, it would solve my problem if someone had a simple method of using apache for authenticating a web directory on a windows server.

Can the apache server (and the user it's running under) read D:\webapp\lib\.htpasswd? — EightBitTony, Jun 19 '11 at 19:11
Do any of these answers answer your question? (If so, please mark it as such ^_^) — lmat - Reinstate Monica, Jun 19 '15 at 12:48

score 0 · Answer 1 · answered Jun 19 '11 at 20:47

0

If it is not a permissions problem like Jim B suggested above (I also suspect that) you might not have loaded the authn module in Apache - mod_authn. I do not know how to do that in Windows but I am pretty sure if you google around you will find out how it's done.

answered Jun 19 '11 at 20:47

danakim

392
2
9

Doesn't seem like a permissions problem, but I'll look into this. Thanks. – Explosion Pills Jun 19 '11 at 22:27

pkout · Answer 2 · 2013-03-25T20:24:35.743

0

I haven't done this on Windows, but try to enable the auth_digest module in your httpd.conf file by uncommenting this line in it, if it's commented out. I know it's disabled by default:

LoadModule auth_digest_module modules/mod_auth_digest.so

edited Mar 25 '13 at 20:24

answered Mar 25 '13 at 18:17

pkout

220
3
8

Oh, I didn't notice that. Okay, then I would go to the httpd.conf file and try to find a line with this and uncomment it if it's commented out: LoadModule auth_digest_module modules/mod_auth_digest.so. Not sure as I run on Linux, but in theory this should work. – pkout Mar 25 '13 at 20:19

score -1 · Answer 3 · answered Jun 21 '11 at 04:30

I think you have wrong auth-type (AuthType Basic) in your .htaccess, looking at your .htpasswd it tells me that the password is setup by htdigest & not htpasswd (correct me if I am wrong) and hence the configuration error.

To solve this, try the following .htaccess info & the problem should go away:

AuthName "Authorization Required" 
AuthType Digest
AuthUserFile D:\webapp\lib\.htpasswd
require valid-user

But I would suggest you to use the above method, since the password is transmitted inMD5 Digestin the network whereasAuthType Basic` transfer the password in a clean text.

But, if you insist to have AuthType Basic then, try the following .htaccess:

AuthName "Authorization Required" 
AuthType Basic
AuthUserFile D:\webapp\lib\.htpasswd
require valid-user

& create the htpassword from following link:

http://www.htaccesstools.com/htpasswd-generator/

and update your .htpasswd file.

Thanks for the suggestion. I'll give it a try but I don't think this is the problem since I'm getting a 500 instead of just a bad password. — Explosion Pills, Jun 21 '11 at 13:20
Digest authentication is only marginally better for security than basic authentication, that is not the issue here. Both use the same password hashing. The difference is in the data exchange across the wire. — symcbean, Jun 26 '23 at 10:59

Password protect directory with Apache: "couldn't check user. Check your authn provider!"

3 Answers3