Ok, I'm feeling pretty retarded as I can't figure this out. I'm trying to set up user authentication in apache. So I created a <Directory /my/restricted/dir> entry in httpd.conf for the area with restricted access and gave it 'AllowOverride AuthConfig'.
I also made sure I was loading 'auth_module', and set 'AccessFileName .htaccess'. In the restricted directory, I placed a '.htaccess' file containing: AuthName "restricted stuff" AuthType Basic AuthUserFile /etc/apache/users require valid-user Then I used htpasswd and added a user to /etc/apache/users. Then I issued a '/etc/init.d/apache restart', tested it out, and it didn't work. The web browser prompts me for a username and password, which I enter correctly, but it fails to authenticate me and denies me access. The access.log and error.log files don't give any useful information. If I remove the .htaccess file from the directory in question, everything works fine (without authentication, of course). The /etc/apache/users file is world-readable (ugh), so that shouldn't be a problem. I tried using all the different types of encryption available with htpasswd... Any ideas? -- Brian Nelson <[EMAIL PROTECTED]>