[mythtv-users] mythweb not asking for passwords

Joe Ripley vitaminjoe at gmail.com
Thu Aug 20 15:48:41 UTC 2009 

On Thu, Aug 20, 2009 at 12:04 AM, Scott Macdonell<genius9976 at yahoo.com> wrote:
> I followed the instructions for securing mythweb from http://www.mythtv.org/wiki/MythWeb#Apache_Configuration to the T. I just reinstalled this backend about 2 weeks ago, and I thought I'd had mythweb password protected. I could have been wrong, but I also first noticed my problem suspiciously soon after an update. At first I just noticed it was only asking for a password when I tried to use mythweb on my backend machine. It would NOT require a password to log from any other remote location. I've done a bunch of messing with the Directory settings under httpd.conf, and nothing seems to have made any difference. Now I am even further from where I started as it doesn't even ask for a password when I log on from localhost. Anyway the stuff I added to /etc/httpd/conf/httpd.conf is below. I included some of the stuff that was already there so that somebody could tell me if I had put it in the wrong place.
>
>
> <Directory "/var/www/html">
>
> #
> # Possible values for the Options directive are "None", "All",
> # or any combination of:
> #   Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
> #
> # Note that "MultiViews" must be named *explicitly* --- "Options All"
> # doesn't give it to you.
> #
> # The Options directive is both complicated and important.  Please see
> # http://httpd.apache.org/docs/2.2/mod/core.html#options
> # for more information.
> #
>    Options Indexes FollowSymLinks
>
> #
> # AllowOverride controls what directives may be placed in .htaccess files.
> # It can be "All", "None", or any combination of the keywords:
> #   Options FileInfo AuthConfig Limitasking
> #
>    AllowOverride All
>
> #
> # Controls who can get stuff from this server.
> #
>    Order allow,deny
>    Allow from all
>
> </Directory>
>
> <Directory "/var/www/html/mythweb">
>    Options Indexes FollowSymLinks
>    AuthType Basic
>    AuthName "MythTV"
>    AuthUserFile /etc/httpd/conf/httpd-passwords
>    Require user scott
>    Order allow,deny
>    Allow from all
> </Directory>
>
> Also, when I restart apache i get
>
> [root at mythback scott]# service httpd restart
> Stopping httpd:                                            [  OK  ]
> Starting httpd: httpd: apr_sockaddr_info_get() failed for mythback
> httpd: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1 for ServerName
>                                                           [  OK  ]
>
>
> I'm not sure if those are problems or not. Also, Nothing really jumps out at me in /var/log/httpd/error_log It all just looks like:
>
> [Thu Aug 20 00:41:16 2009] [notice] caught SIGTERM, shutting down
> [Thu Aug 20 00:41:32 2009] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
> [Thu Aug 20 00:41:47 2009] [notice] Digest: generating secret for digest authentication ...
> [Thu Aug 20 00:41:47 2009] [notice] Digest: done
> [Thu Aug 20 00:41:47 2009] [notice] mod_python: Creating 4 session mutexes based on 256 max processes and 0 max threads.
> [Thu Aug 20 00:41:47 2009] [notice] mod_python: using mutex_directory /tmp
> [Thu Aug 20 00:41:48 2009] [notice] Apache/2.2.11 (Unix) DAV/2 PHP/5.2.9 mod_python/3.3.1 Python/2.6 mod_ssl/2.2.11 OpenSSL/0.9.8k-fips mod_perl/2.0.4 Perl/v5.10.0 configured -- resuming normal operations
>
> Thanks for any help you can give.

It probably has something to do with that 'Allow from all' directive
in your <Directory "/var/www/html/mythweb"> block.  Try removing that
line...

-- 
Joe Ripley
vitaminjoe at gmail.com

More information about the mythtv-users mailing list