Troubleshooting Tip: Apache Authentication Fails: /etc/httpd/accounts/passwds file blank or corrupted

Check for authentication errors:
Review Apache error logs for failed authentication attempts:

tail -f /var/log/httpd/ssl_error_log

Example output:

AH01618: user admin not found: /svn
AH01618: user 10003 not found: /fwdupload

Repeated 'user not found' entries indicate that the /etc/httpd/accounts/passwds file is missing valid credentials.

Also check for PUT failures returning HTTP 401:

tail -f /var/log/httpd/ssl_access_log

Example output:

[31/Oct/2025:09:56:21 -0400] "PUT /phoenix/rest/windowsAgent/update HTTP/1.0" 401 998

Verify the password file on all cluster nodes (Supervisor, Worker, Collector):

Inspect the password file:

cat /etc/httpd/accounts/passwds

* If it is blank, the file was cleared or never populated.
* If it is corrupted or contains invalid characters, authentication will fail.

Take a backup of the password file:

Make a backup and edit the file:

cp -a /etc/httpd/accounts/passwds /etc/httpd/accounts/passwds.bak

Regenerate the admin password entry on the supervisor:
Run the following command to recreate the admin entry in the file and generate the correct SHA password:

htpasswd -bs /etc/httpd/accounts/passwds admin "$(phLicenseTool --showSvnPassword)"

Explanation:

• htpasswd – Apache tool for managing password files.

• -b – Supply password on command line.

• -s – Use SHA encryption.

• /etc/httpd/accounts/passwds: Destination file for credentials.

• $(phLicenseTool --showSvnPassword): Retrieves the current SVN password from FortiSIEM’s license configuration.

Make sure this /etc/httpd/accounts/passwds file is the same on all supers and worker nodes.

Expected output:

A password is added for the admin user.

Verify:

Monitor the access log for successful authentication:

 tail -f /var/log/httpd/ssl_access_log

Expected output:
Entries should now show 200 instead of 401, for example:

127.0.0.1 - admin "GET /svn HTTP/1.1" 200 -