Apache 2.4 "..authentication failure..:Password Mismatch"


Solution 1

I just had the same issue, was driving me nuts for the last hour. I can confirm that Steve's suggestion to enter the password in the command line works - so in my case "htpasswd -b passwordfile user password" did the trick.

Here is the relevant bug report at Apache.

Solution 2

Did you create your password with 'htpasswd'?

htpasswd in httpd-2.4.4 is broken (https://issues.apache.org/bugzilla/show_bug.cgi?id=54735).

As I understand it, the problem is specific to htpasswd in httpd-2.4.4, and only occurs if you enter the password manually, so you can work around the issue by doing one of:

  • supply the password on the command line (e.g. "htpasswd -b .htpasswd user password");
  • use the version of htpasswd out of httpd-2.4.3;
  • use Digest Authentication instead of Basic Authentication (htdigest isn't affected);
  • wait until httpd-2.4.5 is released;
  • apply the patch in the bug report (which seems to work) and rebuild htpasswd from source.
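
To tell a bad hash in the password file (the htpasswd symptom described in the answers above) apart from a configuration problem, the stored entry can be recomputed offline and compared. This is an added example, not part of the original answers or of Apache's code; it assumes the file uses htpasswd's `$apr1$` MD5 format, and the user name, password and entries are constructed samples.

```python
import hashlib
import hmac

ITOA64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"

def apr1(password: bytes, salt: bytes) -> str:
    """Compute an Apache APR1-MD5 ($apr1$) hash for the given salt."""
    salt = salt[:8]
    alt = hashlib.md5(password + salt + password).digest()
    buf = password + b"$apr1$" + salt
    for left in range(len(password), 0, -16):
        buf += alt[:min(16, left)]
    n = len(password)
    while n:  # one byte per bit of the password length
        buf += b"\0" if n & 1 else password[:1]
        n >>= 1
    final = hashlib.md5(buf).digest()
    for i in range(1000):  # fixed stretching rounds of the format
        rnd = password if i & 1 else final
        if i % 3:
            rnd += salt
        if i % 7:
            rnd += password
        rnd += final if i & 1 else password
        final = hashlib.md5(rnd).digest()
    out = ""
    for a, b, c in ((0, 6, 12), (1, 7, 13), (2, 8, 14), (3, 9, 15), (4, 10, 5)):
        v = final[a] << 16 | final[b] << 8 | final[c]
        for _ in range(4):
            out += ITOA64[v & 63]
            v >>= 6
    out += ITOA64[final[11] & 63] + ITOA64[final[11] >> 6]
    return "$apr1$" + salt.decode() + "$" + out

def check_entry(line: str, password: str) -> str:
    """Classify one AuthUserFile line against the password the user expects."""
    _user, _, stored = line.strip().partition(":")
    if not stored.startswith("$apr1$"):
        return "unsupported"  # bcrypt, {SHA} and crypt() are out of scope here
    salt = stored.split("$")[2]  # reuse the salt stored in the entry
    recomputed = apr1(password.encode(), salt.encode())
    same = hmac.compare_digest(recomputed.encode(), stored.encode())
    return "match" if same else "mismatch"

# Constructed sample entries: GOOD hashes "myPassword"; BAD simulates a file
# entry that was written from different input than the user typed.
GOOD = "myName:$apr1$r31.....$HqJZimcKQFAMYayBlzkrA/"
BAD = "myName:" + apr1(b"not-what-was-typed", b"r31.....")

if __name__ == "__main__":
    for entry in (GOOD, BAD):
        print(check_entry(entry, "myPassword"), entry)
```

A `mismatch` for the password that was typed into htpasswd points at the entry in the password file, not at the `<Directory>` block.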
Author by

user1991179


Updated on July 09, 2022

Comments

  • user1991179 almost 2 years

    I am running Apache 2.4 in Windows Server 2008 R2. I am attempting to password protect a subdirectory and successfully did so in Apache 2.0. After upgrading I took Apache's advice and am attempting to put the authentication config in httpd.config. I am allowing the reading of the password file and everything appears to be in order, but when I test it I get the following error:

    [Mon Apr 01 19:58:36.438476 2013] [auth_basic:error] [pid 3984:tid 788] [client xxx.yyy.254.2:49253] AH01617: user master: authentication failure for "/restricted/file.zip": Password Mismatch

    However, I know that I am sending the correct password. See below for my config, any comments are helpful.

    <Directory "C:/www/mydir/restricted">
        #AllowOverride AuthConfig
        #Order allow,deny
        #Allow from all
        AuthType Basic
        AuthName Restricted
        AuthUserFile "C:/www/mydir/passwords/pass"
        Require valid-user
    </Directory>  
    <Directory "C:/www/mydir">
        Require all granted
    </Directory>  
    <VirtualHost *:80>
        ServerAdmin [email protected]
        DocumentRoot "C:/www/mydir"
        ServerName "fakeurl.com"
        ErrorLog "C:/www/mydir/logs/error.log"
        CustomLog "C:/www/mydir/logs/accesslog/access.log" common
    </VirtualHost>  
    <VirtualHost *:80>
        ServerAdmin [email protected]
        DocumentRoot "C:/www/mydir"
        ServerName "www.fakeurl.com"
        ErrorLog "C:/www/mydir/logs/error.log"
        CustomLog "C:/www/mydir/logs/accesslog/access.log" common
    </VirtualHost>