Apache restricted folder access problems

hey, i'm trying to make certain folders i have on my server restricted so that just my friends and i can access them, however i DO have access to the servers config file (considering its on my reg. pc) so instead of using .htaccess files..i'm using the <Directory> instructions in my httpd.conf file. however, for some reason i'm having a problem w/my user auth. i have my .htpasswd file and the location to it correct in my <Directory></Directory> "tags"(?) but when i try to login with any of the names / passwords, it wont login and wont let me. i know absolutely that tha usernames and passwords are right. i've restarted the httpd service multiple times.

i'm running Fedora Core 4 x86_64 with Apache 2.

any ideas on what could be wrong?
thanks

Give us the listing in that config file; are you using the AuthUserFile directive?

Ok, a couple of minor points to clear up first.

First, with some things, Apache is sensitive about directive order; so move them into this precedence, just to be sure;


I am going to stop there a sec; I have rearranged the directives, corrected some vernacular , and altered your passfile name. I hope you are NOT putting the passfile in the same tree as the content -- that is a serious no-no. Also, I would not use a dot file name, and certainly not htpasswd, which is the command to make the encrypted passwords.

That brings me to another point. You DID actually create the passfile using htpasswd, right? Sorry if the question seems 'basic', but I had to know.

Ok, pressing on.
Here's what i think would be easier to manage, versus 'requiring' each user; use groups.



You don't need 'limits' -- the usefulness of that directive has been deprecated and was sadly blown out of proportion for too many years.

In the AuthGroupName, which I called 'authgroupname' -- clever, I know -- you have the following syntax;


Now, it checks the group in the groupfile, sends the name over to the userfile and verifies the password.
Now when you need to add someone, you simply have to edit the group and user files and the apacheconfig will pick up the change.

That should work.

Cheers.