Mailing List Archive

Cannot authenticate (after six years)
Hello,

Strange problem. Everything was going great for at least six years then
all of a sudden authentication using port 80 failed. Authentication
using port 443 works fine.
I first noticed the problem because apache no longer creates the
REMOTE_USER env variable. I want authentication using port 80, i.e.
plain vanilla http.

httpd.conf attached. See line 169. (httpd service is running.) 
If I enter the following url it should bring up a login box:
http://172.18.0.20/~hoff (It no longer does.)
Error_log: [Thu Jul 20 21:39:57.913337 2023] [core:error] [pid 3460:tid
3522] (13)Permission denied: [client 172.18.0.97:54422] AH00035: access
to /~hoff/index.html denied (filesystem path
'/home/hoff/public_html/index.html') because search permissions are
missing on a component of the path

I rebuilt the server and am using fedora 38 fully updated. Problem
still persists. 

FYI only (netstat -nap | grep httpd):
tcp 0 0 172.18.0.20:80 0.0.0.0:* LISTEN 3456/httpd
tcp 0 0 172.18.0.20:443 0.0.0.0:* LISTEN 3456/httpd
tcp6 0 0 fec0::ac12:14:443 :::* LISTEN 3456/httpd
tcp6 0 0 fec0::ac12:14:80 :::* LISTEN 3456/httpd

Regards,
--
Andrew Hoff
6/10 Middle Road
Maribyrnong 3032
Victoria, AU
Tel: 0393185581 (Please leave a message.)
Mob: 0400966178
Email: andrew.hoff@bigpond.com
Re: Cannot authenticate (after six years)
On Thu, Jul 20, 2023 at 9:08 AM Andrew Hoff
<andrew.hoff@bigpond.com.invalid> wrote:
>
> Hello,
>
> Strange problem. Everything was going great for at least six years then all of a sudden authentication using port 80 failed. Authentication using port 443 works fine.
> I first noticed the problem because apache no longer creates the REMOTE_USER env variable. I want authentication using port 80, i.e. plain vanilla http.
>
> httpd.conf attached. See line 169. (httpd service is running.)
> If I enter the following url it should bring up a login box: http://172.18.0.20/~hoff (It no longer does.)
> Error_log: [Thu Jul 20 21:39:57.913337 2023] [core:error] [pid 3460:tid 3522] (13)Permission denied: [client 172.18.0.97:54422] AH00035: access to /~hoff/index.html denied (filesystem path '/home/hoff/public_html/index.html') because search permissions are missing on a component of the path
>
> I rebuilt the server and am using fedora 38 fully updated. Problem still persists.
>
> FYI only (netstat -nap | grep httpd):
> tcp 0 0 172.18.0.20:80 0.0.0.0:* LISTEN 3456/httpd
> tcp 0 0 172.18.0.20:443 0.0.0.0:* LISTEN 3456/httpd
> tcp6 0 0 fec0::ac12:14:443 :::* LISTEN 3456/httpd
> tcp6 0 0 fec0::ac12:14:80 :::* LISTEN 3456/httpd
>

Browser refusing to use basic auth? Try a command-line HTTP client.
Is your desktop managed centrally?

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: Cannot authenticate (after six years)
Using Chrome? Open a new tab and enter
chrome://policy

If the policy BasicAuthOverHttpEnabled is set to false that would be an explanation.


On 20 July 2023 at 15:28:12 CEST, Eric Covener <covener@gmail.com> wrote:
>Browser refusing to use basic auth? Try a command-line HTTP client.
>Is your desktop managed centrally?
Re: Cannot authenticate (after six years)
>>> httpd.conf attached. See line 169. (httpd service is running.)
>>> If I enter the following url it should bring up a login box: http://172.18.0.20/~hoff (It no longer does.)
>>> Error_log: [Thu Jul 20 21:39:57.913337 2023] [core:error] [pid 3460:tid 3522] (13)Permission denied: [client 172.18.0.97:54422] AH00035: access to /~hoff/index.html denied (filesystem path '/home/hoff/public_html/index.html') because search permissions are missing on a component of the path
>>>
>> AH00035: access to /~hoff/index.html denied (filesystem path
>> '/home/hoff/public_html/index.html') because search permissions are missing
>> on a component of the path


Perhaps /home has different permissions that do not allow the apache
user to travel to /home/hoff/public_html/index.html, or perhaps your umask
is more restrictive when generating directories.




--
Daniel Ferradal
HTTPD Project
#httpd help at Libera.Chat
Re: Cannot authenticate (after six years)
On 7/20/23 15:07, Andrew Hoff wrote:
> Hello,
>
> Strange problem. Everything was going great for at least six years then
> all of a sudden authentication using port 80 failed. Authentication
> using port 443 works fine.

Probably something is defined in the 443 VirtualHost and not in the 80 one.

SELinux would block both ports and not only 80, but that is worth
checking. Check if it is enabled; if so, put it in permissive mode and retry.

> I first noticed the problem because apache no longer creates the
> REMOTE_USER env variable. _I want authentication using port 80, i.e.
> plain vanilla http._
>
> httpd.conf attached. See line 169. (httpd service is running.)
> If I enter the following url it should bring up a login box:
> http://172.18.0.20/~hoff (It no longer does.)
> Error_log: [Thu Jul 20 21:39:57.913337 2023] [core:error] [pid 3460:tid
> 3522] (13)Permission denied: [client 172.18.0.97:54422] AH00035: access
> to /~hoff/index.html denied (filesystem path
> '/home/hoff/public_html/index.html') because search permissions are
> missing on a component of the path
>
> I rebuilt the server and am using fedora 38 fully updated. Problem still
> persists.
>
> FYI only (netstat -nap | grep httpd):
> tcp 0 0 172.18.0.20:80 0.0.0.0:* LISTEN 3456/httpd
> tcp 0 0 172.18.0.20:443 0.0.0.0:* LISTEN 3456/httpd
> tcp6 0 0 fec0::ac12:14:443 :::* LISTEN 3456/httpd
> tcp6 0 0 fec0::ac12:14:80 :::* LISTEN 3456/httpd

--
Cheers

Jean-Frederic


Re: Cannot authenticate (after six years)
You need to run namei -mo /home/hoff/public_html/index.html and fix the
permissions. httpd needs traversal capability from /.

Also, consider moving your content out of /home

On Fri, Jul 28, 2023 at 12:40 PM jean-frederic clere <jfclere@gmail.com>
wrote:

> On 7/20/23 15:07, Andrew Hoff wrote:
> > Hello,
> >
> > Strange problem. Everything was going great for at least six years then
> > all of a sudden authentication using port 80 failed. Authentication
> > using port 443 works fine.
>
> Probably something is defined in the 443 VirtualHost and not in the 80 one.
>
> SELinux would block both ports and not only 80, but that is worth
> checking. Check if it is enabled; if so, put it in permissive mode and retry.
Cannot authenticate (after six years)
Hello,

I have resolved ALL issues. Nearly all problems were related to
selinux. It is lucky I made some notes.

Data in home directories is not a problem. It was just selinux.

Regards,
--
Andrew Hoff
6/10 Middle Road
Maribyrnong 3032
Victoria
Tel: 0393185581 (Please leave a message.)
Mob: 0400966178
Email: andrew.hoff@bigpond.com


On Fri, 2023-07-28 at 13:00 -0400, Frank Gingras wrote:
> You need to run namei -mo /home/hoff/public_html/index.html and fix
> the permissions. httpd needs traversal capability from /.
>
> Also, consider moving your content out of /home
Re: Cannot authenticate (after six years)
Data in home directories is indeed a problem for shared systems, since you
have to chmod the /home/user directory.

On Sun, Jul 30, 2023 at 8:53 AM Andrew Hoff <andrew.hoff@bigpond.com.invalid>
wrote:

> Hello,
>
> I have resolved ALL issues. Nearly all problems were related to selinux.
> It is lucky I made some notes.
>
> Data in home directories is not a problem. It was just selinux.
Cannot authenticate (after six years)
Dear Frank,

chmod 755; I remembered immediately and did that first. I do everything
via symlinks and/or perl 5/7 scripts, e.g. a perl script lists
directory contents in index.html.  As I said everything works. 

Apache is a great product and the inbuilt perl interpreter is pretty
good. I have learnt my lesson and will now use semanage to effectively
document custom settings.

Regards,
--
Andrew Hoff
6/10 Middle Road
Maribyrnong 3032
Victoria
Tel: 0393185581 (Please leave a message.)
Mob: 0400966178
Email: andrew.hoff@bigpond.com


On Sun, 2023-07-30 at 09:20 -0400, Frank Gingras wrote:
> Data in home directories is indeed a problem for shared systems,
> since you have to chmod the /home/user directory.
Re: Cannot authenticate (after six years)
Andrew,

You're missing the point - if you chmod /home/user to 755, *everyone* on
your system can navigate to your home directory and potentially read
sensitive files.

If this is not a multi-user system, the issue is not as severe; it's still
a bad idea, nonetheless. A better approach is to move the content out of
/home/user and just create a symlink to the content or bash alias if you
want more convenience.

On Mon, Jul 31, 2023 at 4:53 AM Andrew Hoff <andrew.hoff@bigpond.com.invalid>
wrote:

> Dear Frank,
>
> chmod 755; I remembered immediately and did that first. I do everything
> via symlinks and/or perl 5/7 scripts, e.g. a perl script lists directory
> contents in index.html. As I said everything works.
>
> Apache is a great product and the inbuilt perl interpreter is pretty good.
> I have learnt my lesson and will now use semanage to effectively document
> custom settings.
>
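
The two checks discussed in this thread (walking the path as `namei -mo` does, and the concern about opening a home directory to mode 755), as an added example that is not code from any poster. The function names are hypothetical, the demo tree is constructed, and it assumes GNU `stat` and that the httpd user falls under the "other" permission digit.

```sh
#!/bin/sh
# Added example, not code from the thread. Reads the same mode bits that
# `namei -mo` displays and applies the rule behind AH00035.
# Assumptions: GNU stat; the httpd user is neither owner nor group member
# of any component, so only the "other" digit of the mode applies.

# Print the base directory (default /) and each component of $1 below it.
path_components() {
    base=${2:-/}
    base=${base%/}
    rest=${1#"$base"/}
    cur=$base
    printf '%s\n' "${base:-/}"
    while [ -n "$rest" ]; do
        part=${rest%%/*}
        case $rest in
            */*) rest=${rest#*/} ;;
            *)   rest= ;;
        esac
        [ -n "$part" ] || continue
        cur=$cur/$part
        printf '%s\n' "$cur"
    done
}

# "Other" permission digit (0-7) of a file's mode.
other_bits() {
    mode=$(stat -c '%a' "$1") || return 1
    printf '%s\n' "$(( $mode % 10 ))"
}

# Print each directory on the path whose "other" digit has bit $1 in the
# state $2 (0 = clear, 1 = set). Arguments 3 and 4: path and base.
dirs_with_bit() {
    path_components "$3" "${4:-/}" | while IFS= read -r comp; do
        [ -d "$comp" ] || continue
        bits=$(other_bits "$comp") || continue
        if [ $(( ($bits & $1) != 0 )) -eq "$2" ]; then
            printf '%s\n' "$comp"
        fi
    done
}

# First directory httpd cannot search (x bit clear); empty if none.
first_blocked_component() { dirs_with_bit 1 0 "$@" | head -n 1; }

# Directories anyone can also list (r bit set); traversal needs only x.
listable_dirs() { dirs_with_bit 4 1 "$@"; }

# Constructed demo tree mirroring the thread's layout (not the real host).
demo=$(mktemp -d)
page=$demo/home/hoff/public_html/index.html
mkdir -p "${page%/*}" && : > "$page"
chmod 755 "$demo" "$demo/home" "${page%/*}"
for m in 700 711 755; do
    chmod "$m" "$demo/home/hoff"
    echo "hoff=$m blocked: $(first_blocked_component "$page" "$demo")"
    echo "hoff=$m listable: $(listable_dirs "$page" "$demo" | tr '\n' ' ')"
done
rm -rf "$demo"
```

If every directory passes this check and AH00035 is still logged, the denial is not coming from the mode bits; the original poster traced his to SELinux.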
Re: Cannot authenticate (after six years)
Because you are not using encryption, I hope that you know anyone on your
network can sniff your login usernames and passwords used for your
webserver.

You can get a free SSL certificate from: https://letsencrypt.org/

You can test your SSL server here:
https://www.ssllabs.com/ssltest/analyze.html

and here: https://en.internet.nl/

Landon

On Thu, Jul 20, 2023 at 7:07 AM Andrew Hoff <andrew.hoff@bigpond.com.invalid>
wrote:

> Hello,
>
> Strange problem. Everything was going great for at least six years then
> all of a sudden authentication using port 80 failed. Authentication using
> port 443 works fine.
> I first noticed the problem because apache no longer creates the
> REMOTE_USER env variable. *I want authentication using port 80, i.e.
> plain vanilla http.*
>
> httpd.conf attached. See line 169. (httpd service is running.)
> If I enter the following url it should bring up a login box:
> http://172.18.0.20/~hoff (It no longer does.)
> Error_log: [Thu Jul 20 21:39:57.913337 2023] [core:error] [pid 3460:tid
> 3522] (13)Permission denied: [client 172.18.0.97:54422] AH00035: access
> to /~hoff/index.html denied (filesystem path
> '/home/hoff/public_html/index.html') because search permissions are missing
> on a component of the path
>
> I rebuilt the server and am using fedora 38 fully updated. Problem still
> persists.
>
> FYI only (netstat -nap | grep httpd):
> tcp 0 0 172.18.0.20:80 0.0.0.0:* LISTEN 3456/httpd
> tcp 0 0 172.18.0.20:443 0.0.0.0:* LISTEN 3456/httpd
> tcp6 0 0 fec0::ac12:14:443 :::* LISTEN 3456/httpd
> tcp6 0 0 fec0::ac12:14:80 :::* LISTEN 3456/httpd