[rancid] Re: No Password required to read Configs.

Gregers Paludan Nakman gpnster at gmail.com
Fri Apr 9 07:00:35 UTC 2010

This is our simple way of fixing the problem.

Fix the webserve in order to look for .htaccess files in the dir where
rancid is started from:

vi /etc/httpd/conf/httpd.conf

look for "cgi-bin" and change the AllowOverride Parameter:

<Directory "/var/www/cgi-bin">
    # AllowOverride None
    AllowOverride AuthConfig
    Options None
    Order allow,deny
    Allow from all


In the dir refereed to in "Directory" ( /var/www/cgi-bin ), create a file
named .htaccess with the following content:

vi /var/www/cgi-bin/.htaccess

AuthUserFile /usr/local/rancid/.htpasswd
AuthGroupFile /dev/null
AuthName EnterPassword
AuthType Basic

require user <NAME OF THE USER YOU WANT TO Grant Access> 
require user jdoe

The last thing to do is to create the password file for the user

htpasswd -c /usr/local/rancid/.htpasswd jdoe
New password: 
Re-type new password: 
Adding password for user jdoe

Restart httpd

#service httpd restart

It is not the perfect way, but now the truck hole is just a gap for a small
car ;-)


More information about the Rancid-discuss mailing list