Question

I've just managed to get TWiki up and running on my hosted domain (a little bit to my own amazement). RCS seems to be working OK. I can upload attachments OK. I was feeling pretty proud of myself as a total newbie when it comes to servers or cgi scripts. One last hurtle remains: authentication. I followed the directions in the installation guide - modifying and installing the htaccess file, switching out the TWikiRegistrationPub and TWikiRegistration topics and registering a new TwikiName. I even confirmed that the new member name and password were written into the htpassw file. When I then went to edit a page, I got the request for user name and pass word. So far, so good but then rather then going to the edit page, I got the following error message:

"Authorization Required This server could not verify that you are authorized to access the document requested. Either you supplied the wrong credentials (e.g., bad password), or your browser doesn't understand how to supply the credentials required. Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request. "

Anyone have any suggestions where I might look for my problem? Here's one more thing I noticed about the way the web server is set up that may or may not have baring: when I created the htaccess file, the server created a new directory tree called htpasswd which mirrored the twiki/data/htpasswd directory structure. Could the server be hijacking the twiki authentication request and looking for the passwords in this directory?

Thanks for any help. I'm feeling SO close to having TWiki up and running!

• TWiki version: 12.01.01
• Web server: Apache
• Server OS: Linux
• Web browser: IE 5
• Client OS: Mac OSX

-- LynnwoodBrown - 15 Mar 2002

I've been working at this problem this weekend and based on information I found in AuthenticationProblem, I at least solved the "404 Not found error" part of the error message. I needed change the url path to the OPPS script. Now I get directed to the invitation to register page when the authentication doesn't go through. Great - but I still can't get the authentication to work.

I admit that I have only a vague grasp of how to set the url path (which I've gained by trial & error) and I suspect this is where my problem lies. However, I've tried a bunch of variations based on examples I saw in the AuthenticationProblem and none seem to work.

One thing I tried was to reset the /filepathto/twiki/data/.htpasswd to reflect the htpasswd directory I mentioned above (home/htpasswd/twiki/data/.htpasswd). When I added a new member, it was recorded in both that file AND in the file residing at home/twiki/data/.htpasswd. I have no idea why this happened or what its significance is. In any case, my problem does not seem to be with recording new members and passwords (heck, now I even have it recorded in two places). However, it would seem that the authentication script does not find the htpasswd file in either place.

One other thing I've been wondering about is what is the function of the "redirect" command? I've been playing with this but with no discernable affect.

One last thing: if anyone can help me solve this, I promise to submit clarifications to the installation guide that might help other newbies like myself that run up against this.

-- LynnwoodBrown - 16 Mar 2002

Answer

Your .htaccess file should point to /home/twiki/data/.htpasswd (i.e. the file within your data directory, wherever that is). Make sure this file is mode 666 (do a chmod ugo+w .htpasswd) so that Apache can write it even as user nobody.

It would be useful to see the contents of your .htaccess file here - use <pre> ... </pre> around the text. Also, try attaching your TWiki.cfg file here, to provide some context, or just a link to testenv if it's a public site.

BTW - since you are using MacOS, have a look at SherlockAndMozillaSearching once you are up and running!

Good luck, and keep us posted

-- RichardDonkin - 17 Mar 2002

Richard - Thanks so much for the support! I've just now tried the changes you suggested to no avail. As per your suggestion, here's my most current .htaccess file:

Redirect /index.html http://64.119.173.35/twiki/bin/view.pl

AuthUserFile /home/skyloom/TWiki/data/.htpasswd
AuthName ByPassword
AuthType Basic

SetHandler cgi-script

ErrorDocument 401 /bin/oops.pl/TWiki/TWikiRegistration?template=oopsauth


<Files ~ "[^/]*\.html$">
       SetHandler blabla
       allow from all
</Files>

<Files "edit.pl">
       require valid-user
</Files>

<Files "preview.pl">
       require valid-user
</Files>

<Files "save.pl">
       require valid-user
</Files>

<Files "attach.pl">
       require valid-user
</Files>

<Files "upload.pl">
       require valid-user
</Files>

<Files "rename.pl">
       require valid-user
</Files>

<Files "installpasswd.pl">
       require valid-user
</Files>

<Files "*">
       allow from all
</Files>

(BTW - this text does not seem to be displaying properly outside of the edit mode. I tried both the pre and verbatim tags.)

Also, here's the link to my testevn: http://twiki.skyloom.com/bin/testenv.pl

Do you have any insight about the multiple .htpasswd files I spoke of? The server must have had some reason to create the extra .htpasswd directory tree.

For that matter, if anyone is so inclined to offer some "hands-on" help, I'd be glad to give full access to my site and domain. About the most valuable thing you could steal are pictures of my beautiful baby boy

Thanks again, -- LynnwoodBrown - 17 Mar 2002

The main thing I noticed here was that you are using TWiki and twiki to refer to the same directory - this doesn't work on Linux/Unix, which is case sensitive everywhere. Do have a look for Unix tutorials on the web, as they will cover this and other important points.

You need to change your .htaccess file to use /home/skyloom/twiki since that's what your testenv reports. This may be the reason Apache or TWiki gives up and has to create the .htpasswd file elsewhere.

I updated your text above to use the VERBATIM tag, which works better for text including angle brackets.

The .htpasswd from my local TWiki looks like this - the first line is a bit different, it should be the full path to your index.html file under the twiki dir, but that's probably not critical.

Redirect /twiki/index.html http://localhost/twiki/bin/view

AuthUserFile /twiki/data/.htpasswd
AuthName ByPassword
AuthType Basic

SetHandler cgi-script

ErrorDocument 401 /twiki/bin/oops/TWiki/TWikiRegistration?template=oopsauth

<Files ~ "[^/]*\.html$">
       SetHandler blabla
       allow from all
</Files>

<Files "edit">
       require valid-user
</Files>

<Files "preview">
       require valid-user
</Files>

<Files "save">
       require valid-user
</Files>

<Files "attach">
       require valid-user
</Files>

<Files "upload">
       require valid-user
</Files>

<Files "rename">
       require valid-user
</Files>

<Files "installpasswd">
       require valid-user
</Files>

<Files "*">
       allow from all
</Files>

-- RichardDonkin - 17 Mar 2002

Well, that did the trick! I now have a fully functioning TWiki site! Yahoo and thanks Richard! I'm also suitably humbled by this glaring proof of my lack of basic knowledge about unix. I've already done a google search for unix tutorials and promise not to post more request for help like this before learning some the basic unix chops. BTW, I tried using the VERBATIM tag before but I must have done something wrong. Thanks for reformating that.

I think we can declare this question "answered."

-- LynnwoodBrown - 17 Mar 2002

Good to see it's working now

-- RichardDonkin - 18 Mar 2002

A comment way after the fact. I had this exact problem. As far as I can tell the key to solving it was using localhost in the redirect and I had the FILE path in the AuthUserFile not the URL path. I also think httpd must be restarted between tests.

-- KenKoftan - 09 Apr 2004