Re: Oddity w/ mod_auth_digest

2001-12-05 Thread Geoffrey Young


> 
> The password file was created from the current apache
> version's htpasswd via:
> 
> htpasswd -c -m -b lembark foobar;

you know you need to use htdigest when creating a digest password
entry, right?

> 
> which I thought should have created the proper entry.

take a look at it.  digest authentication should be in the form of

user:realm:8493fbc53ba582fb4c044c456bdc40eb

from the look of things, mod_auth_digest can't find the realm in the
password file.

> 
> I haven't had a chance yet to test whether the site works
> with this outside of the perly section.
> 
> Is there any documentation that describes this in more
> detail than the mod_auth_digest.html, or has anyone
> seen this specific error?


the forthcoming (january) mod_perl Developer's Cookbook spends about
10 pages talking about digest authentication and how it is
implemented.


--Geoff
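
Added example, not part of Geoff's message or of Apache itself: a Perl check that builds the user:realm:hash entry described above with Digest::MD5 and classifies the lines of a password file, showing why an htpasswd-style line yields "user in realm not found". The user, realm and password are the ones quoted in this thread; the sample file lines and the helper names are constructed.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Digest::MD5 qw(md5_hex);

# Entry as htdigest stores it: user, realm, MD5 of "user:realm:password".
sub digest_entry {
    my ($user, $realm, $password) = @_;
    return join ':', $user, $realm, md5_hex("$user:$realm:$password");
}

# Classify one password-file line against the user and realm being looked up.
# The realm must equal the AuthName value exactly (case-sensitive compare).
sub check_line {
    my ($line, $user, $realm) = @_;
    chomp $line;
    my @f = split /:/, $line, -1;
    return 'htpasswd-style entry (user:hash), no realm field'
        if @f == 2;
    return 'malformed entry'
        unless @f == 3 && $f[2] =~ /\A[0-9a-f]{32}\z/;
    return 'digest entry for another user or realm'
        unless $f[0] eq $user && $f[1] eq $realm;
    return 'match';
}

# Constructed sample data: the first line mimics what "htpasswd -m" writes
# (its hash is a made-up placeholder), the second is a real digest entry.
my @file = (
    'lembark:$apr1$CONSTRUCTED$placeholderhashvalue000',
    digest_entry('lembark', 'CDR', 'foobar'),
);

for my $line (@file) {
    printf "%-55s => %s\n", $line, check_line($line, 'lembark', 'CDR');
}
```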



Oddity w/ mod_auth_digest

2001-12-04 Thread slembark


Unable to access site, errlog shows:

[error] Digest: user `lembark' in realm `CDR' not found: /cdr/Data

Checking the password file, it's there -- moving it or changing
the location in httpd.conf gives an unfound file error. Checking
the doc's on www.apache.org for the mod_auth_digest, their example
at http://httpd.apache.org/docs/mod/mod_auth_digest.html looks like:

  
  AuthType Digest
  AuthName "private area"
  AuthDigestDomain /private/ http://mirror.my.dom/private2/
  AuthDigestFile /web/auth/.digest_pw
  Require valid-user
  

Mine looks like:


...
$Location{'/cdr'} =
{
    PerlSetEnv       => "BASEURL $baseurl",

    SetHandler       => 'perl-script',

    AuthType         => 'Digest',
    AuthDigestFile   => "$ServerRoot/digest_pw",
    AuthName         => 'CDR',
#   AuthDigestDomain => '/cdr',

    require          => 'valid-user',

    PerlHandler      => 'Cdr::Welcome',
};
...



I've tried various combinations of '/cdr' and '/cdr/' in
both the location, AuthName and AuthDigestName without
changing the error message. Commenting out the domain
(shown above) hasn't done any good either.

The password file was created from the current apache
version's htpasswd via:

htpasswd -c -m -b lembark foobar;

which I thought should have created the proper entry.

I haven't had a chance yet to test whether the site works
with this outside of the perly section.

Is there any documentation that describes this in more 
detail than the mod_auth_digest.html, or has anyone
seen this specific error?

thanx.


--
Steven Lembark 500 W. Madison, St. 3100
Knightsbridge Solutions   Chicago, IL 60661
"Performance that Empowers" +1 312 577 0210



Re: mod_auth_digest

2001-08-21 Thread Thomas Bach

At 12:44 16/08/01 -0600, Bruce W. Hoylman wrote:

>Lincoln Stein developed a very useful module for doing both Basic and
>Digest user/password management.  Titled HTTPD-User-Manage-1.58
>I believe it is still available as:
>
>http://www.genome.wi.mit.edu/~lstein/user_manage/user_manage.tar.gz


that's exactly what i was looking for, thanks a lot!!
the link above is broken, but it is available on CPAN:
http://search.cpan.org/search?dist=HTTPD-User-Manage

Thanks a lot!
Thomas Bach

<><><><><><><><>
think karo...
bkaro.net




Re: mod_auth_digest

2001-08-16 Thread Bruce W. Hoylman


Lincoln Stein developed a very useful module for doing both Basic and
Digest user/password management.  Titled HTTPD-User-Manage-1.58
I believe it is still available as:

http://www.genome.wi.mit.edu/~lstein/user_manage/user_manage.tar.gz

Check it out.  I like it, anyway.

YMMV.

Peace.



Re: mod_auth_digest

2001-08-15 Thread Cody Sherr


Right, assuming you're using basic auth.

Otherwise, check CPAN for Crypt::PasswdMD5 or Digest::MD5.

cheers,

-- 
Cody Sherr

Engineer
Covalent Technologies

phone: (415)536-5292
email: [EMAIL PROTECTED]




On Wed, 15 Aug 2001, Thomas Bach wrote:

> At 09:25 15/08/01 -0700, you wrote:
> >You have a couple of options.
> >
> >First is to use calls to htpasswd()
> >
> >system("$apacheroot/bin/htpasswd", "-b", "/path/to/passwordfile",
> >"username", "password")
>
>
> this works with basic-authentication, but "htdigest" knows no -b parameter :-(
>
>
> >The second, which is more efficient than starting a htpasswd process, is
> >to use perl's crypt(), create a password, and then append it to your
> >password file.
>
>
> do basic & digest authentication use the same algorithm to crypt the
> passwords?
>
>
> >It's my understanding, that if your form starts in HTTPS, you can use
> >basic auth and SSL will protect that along with the rest of your data.
>
>
> mine's the same, but i'm not sure, so i ask ...
>
>
> thanks anyway ...
>
>
> Thomas Bach
>
> <><><><><><><><>
> think karo...
> bkaro.net
>
>
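
Added example, not part of any message in this thread: one way to add, change or delete a digest user from Perl without calling htdigest, using Digest::MD5 as suggested above and the user:realm:hash entry format. The function name, lock-file name, file name, second user and its password are hypothetical sample values.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Fcntl qw(:flock);
use Digest::MD5 qw(md5_hex);

# Set (password given) or delete (password undef) one user in one realm.
sub update_digest_file {
    my ($file, $user, $realm, $password) = @_;

    # ':' separates fields and a newline ends an entry, so reject both:
    # otherwise form input could smuggle in extra fields or extra users.
    for ($user, $realm) {
        die "invalid user or realm\n" if !length($_) || /[:\r\n]/;
    }

    # Serialize writers with a lock file (hypothetical name "$file.lock").
    open my $lock, '>>', "$file.lock" or die "open $file.lock: $!";
    flock $lock, LOCK_EX or die "flock: $!";

    my @keep;
    if (open my $in, '<', $file) {
        @keep = grep { !/\A\Q$user\E:\Q$realm\E:/ } <$in>;
        close $in;
    }
    push @keep, "$user:$realm:" . md5_hex("$user:$realm:$password") . "\n"
        if defined $password;

    # The stored hash is enough to answer a digest challenge, so keep the
    # file away from other users. Assumption: the server reads it via group.
    my $old_umask = umask 0027;
    my $tmp = "$file.tmp.$$";
    open my $out, '>', $tmp or die "open $tmp: $!";
    umask $old_umask;
    print {$out} @keep or die "print: $!";
    close $out or die "close: $!";

    # rename() is atomic, so Apache never sees a half-written file.
    rename $tmp, $file or die "rename: $!";
    close $lock;
    return scalar @keep;    # number of entries now in the file
}

# Constructed usage: file name, second user and its password are samples.
my $pwfile = 'digest_pw.example';
update_digest_file($pwfile, 'lembark', 'CDR', 'foobar');
update_digest_file($pwfile, 'thomas',  'CDR', 'constructed-password');
update_digest_file($pwfile, 'thomas',  'CDR', undef);    # delete again
```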




Re: mod_auth_digest

2001-08-15 Thread Cody Sherr


Thomas,

You have a couple of options.

First is to use calls to htpasswd()

system("$apacheroot/bin/htpasswd", "-b", "/path/to/passwordfile",
"username", "password")

The second, which is more efficient than starting a htpasswd process, is
to use perl's crypt(), create a password, and then append it to your
password file.

It's my understanding, that if your form starts in HTTPS, you can use
basic auth and SSL will protect that along with the rest of your data.

regards,

-- 
Cody Sherr

Engineer
Covalent Technologies

phone: (415)536-5292
email: [EMAIL PROTECTED]




On Wed, 15 Aug 2001, Thomas Bach wrote:

> Hello list
>
> it's now the fifth time i went looking to find sth on the web, but i didn't
> find anything. So perhaps it could be a little bit ot, sorry for that.
>
> I'm running a project using apache (mod_perl/mod_ssl/mySQL) on Linux for
> which i would change the authentication mechanism to mod_auth_digest, and
> i've the following questions:
>
> is the digest-authentication really necessary, when using mod_ssl, or would
> a basic-authentication be enough?
> For the moment i'm using an authentication over a form with session-cookies.
> Perhaps it is secure enough if i expand it (make it impossible, to make a
> bot trying every cookie-value, and so on ...)?
>
> i have created a browser-front-end for the user-management. How is it
> possible to add/delete over Perl a new user/password to the digest-pw-file?
> I tried it with open(), system(), ... but without any success.
>
> Thank you for every hint or URL ;oP
>
> Thomas Bach
>
>
> <><><><><><><><>
> think karo...
> bkaro.net
>
>





mod_auth_digest

2001-08-15 Thread Thomas Bach

Hello list

it's now the fifth time i went looking to find sth on the web, but i didn't 
find anything. So perhaps it could be a little bit ot, sorry for that.

I'm running a project using apache (mod_perl/mod_ssl/mySQL) on Linux for
which i would change the authentication mechanism to mod_auth_digest, and
i've the following questions:

is the digest-authentication really necessary, when using mod_ssl, or would
a basic-authentication be enough?
For the moment i'm using an authentication over a form with session-cookies.
Perhaps it is secure enough if i expand it (make it impossible, to make a
bot trying every cookie-value, and so on ...)?

i have created a browser-front-end for the user-management. How is it
possible to add/delete over Perl a new user/password to the digest-pw-file?
I tried it with open(), system(), ... but without any success.

Thank you for every hint or URL ;oP

Thomas Bach


<><><><><><><><>
think karo...
bkaro.net




[OT] mod_auth_digest bug; Programming modules information needed...

2000-04-27 Thread BeerBong

Hello all!

Today I tried to install mod_auth_digest (Apache 1.3.12).
Installed without any problems, but when I request scripts with parameters
in protected directory -

Bad Request
requested URI /manager/script.asp not equals /manager/script.asp?param_1=23

Or something like this.

I know that mod_auth_digest is an experimental module, it is just a bug report.

And another question.
I need to place homepages of one user's group on one site, and another group
on another.
mod_userdir does not allow to do this.
I found mod_userpath.c and changed it slightly.
Script doesn't work, and I don't know where I can read documentation about
writing modules.
I know that there is www.modperl.com and O'Reilly book (I'm not too rich to
buy this book here - Russia), but maybe you can tell me about other
resources?

#include <string.h>
#include "httpd.h"
#include "http_config.h"

module userpath_module;

#define DEFAULT_USER_PATH "/usr/local/etc/httpd/htdocs/"

/* Per-server config is just the base path string; start with the default. */
void *create_userpath_config (pool *dummy, server_rec *s)
{
    return (void*)DEFAULT_USER_PATH;
}

/* Handler for the "UserPath" directive: store a copy of its argument. */
const char *set_user_path (cmd_parms *cmd, void *dummy, char *arg)
{
    void *server_conf = cmd->server->module_config;

    ap_set_module_config (server_conf, &userpath_module,
                          ap_pstrdup (cmd->pool, arg));
    return NULL;
}

command_rec userpath_cmds[] = {
    { "UserPath", set_user_path, NULL, RSRC_CONF, TAKE1,
      "the directory which contains all user html directories or 'disabled'" },
    { NULL }
};

/* Map /~user/rest to <UserPath>/user/public_html/rest. */
int translate_userpath (request_rec *r)
{
    void *server_conf = r->server->module_config;
    char *userpath = (char *)ap_get_module_config(server_conf,
                                                  &userpath_module);
    char *name = r->uri;

    if (userpath != NULL && strcasecmp(userpath, "disabled") != 0 &&
        name[0] == '/' && name[1] == '~')
    {
        const char *dname;
        char *w;

        dname = name + 2;
        w = ap_getword(r->pool, &dname, '/');

        /* ap_getword() skips past the '/', so back up to keep it in the
         * remainder; otherwise the result is ".../public_htmlfile". */
        if (dname[-1] == '/')
            --dname;

        /* Not ours without a user name; refuse "." and ".." so the
         * mapped path cannot climb out of the UserPath directory. */
        if (w[0] == '\0' || strcmp(w, ".") == 0 || strcmp(w, "..") == 0)
            return DECLINED;

        r->filename = ap_pstrcat (r->pool, userpath, "/", w, "/public_html",
                                  dname, NULL);

        return OK;
    }

    return DECLINED;
}

module userpath_module = {
    STANDARD_MODULE_STUFF,
    NULL,                    /* initializer */
    NULL,                    /* dir config creater */
    NULL,                    /* dir merger --- default is to override */
    create_userpath_config,  /* server config */
    NULL,                    /* merge server config */
    userpath_cmds,           /* command table */
    NULL,                    /* handlers */
    translate_userpath,      /* filename translation */
    NULL,                    /* check_user_id */
    NULL,                    /* check auth */
    NULL,                    /* check access */
    NULL,                    /* type_checker */
    NULL,                    /* fixups */
    NULL                     /* logger */
};


Sergey Polyakov - Chief of WebZavod.
http://www.webzavod.ru