Hi Tom!

Thanks for the pointers. After much systematic experimenting I discovered that when I entered users & passwords with the mysql command line using password(), encrypt(), sha1() or old_password, only encrypt() was readable by apache authentication. Then I entered users and passwords using apache's htpasswd to generate md5, sha1 and crypt, and apache was able to authenticate those.

So, much to my surprise, mysql's sha1 and md5 produce an encryption not readable by apache. I was under the assumption that all sha1 and md5 encryptions were the same across all applications!

This is an example of a mysql produced sha1:
*A34CDEEEE1232ACBCBCDD4D4D3D2D12341ACACE3
This is an example of an htpasswd produced sha1:
{SHA1}6u5F+11u1xNIBuFBh+X+sydW+4=

Regards,
-Bill

Tom Donovan wrote:
> paredes wrote:
>> Greetings!
>> I've been running OS-X 10.3.9, with apache2.2.3 [ldap w/failover to
>> mod_authn_dbd], mysql5.0.3x & php5.1 all built from source. I've just
>> upgraded our test server to OSX 10.5, apache2.2.6 & mysql5.0.51. The
>> problem is that while the DBDDriver connects it refuses to authenticate
>> valid users. The apache logs which are set to debug return:
>> "user jones: authentication failure for "/ProtectedArea": Password Mismatch"
>> When I deliberately provide an unknown user the logs return: "user mary
>> not found: /ProtectedArea"
>
> It sounds like you are getting *something* returned by your authentication query, just not the exact password hash.
>
> Possibly the problem is trailing spaces. The behavior of MySQL CHAR and VARCHAR fields for trailing spaces has changed over time per http://dev.mysql.com/doc/refman/5.0/en/char.html
>
> Try a SQL statement like: "SELECT TRIM(password_field) FROM user_table WHERE user_field = %s" instead of: "SELECT password_field FROM user_table WHERE user_field = %s"
>
> Additional clues might be found by enabling MySQL logging per:
>   http://dev.mysql.com/doc/refman/5.0/en/query-log.html
> and checking what your SQL statement actually looks like to MySQL.
>
> -tom-

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
  "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
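
Added example, not part of the original thread: a Python comparison of the stored-hash encodings discussed above (MySQL `SHA1()` and `PASSWORD()` versus `htpasswd -s`), with a helper that re-encodes a stored hex SHA-1 into Apache's `{SHA}` form. The function names are illustrative, and the acceptance flags assume the password formats documented for Apache 2.2 (`{SHA}`, `$apr1$` and crypt).

```python
import base64
import hashlib
import re

def mysql_sha1(pw):
    """MySQL SHA1(): 40 lowercase hex characters of the SHA-1 digest."""
    return hashlib.sha1(pw.encode()).hexdigest()

def mysql_password(pw):
    """MySQL 4.1+ PASSWORD(): '*' + uppercase hex of SHA1(SHA1(pw))."""
    inner = hashlib.sha1(pw.encode()).digest()
    return "*" + hashlib.sha1(inner).hexdigest().upper()

def apache_sha(pw):
    """htpasswd -s: '{SHA}' + base64 of the raw 20-byte SHA-1 digest."""
    digest = hashlib.sha1(pw.encode()).digest()
    return "{SHA}" + base64.b64encode(digest).decode()

def hex_to_apache_sha(hex_digest):
    """Re-encode a column filled by SHA1() without knowing the password."""
    raw = bytes.fromhex(hex_digest)
    if len(raw) != 20:
        raise ValueError("not a SHA-1 digest")
    return "{SHA}" + base64.b64encode(raw).decode()

# (pattern, format name, understood by Apache's password check)
FORMATS = [
    (r"\{SHA\}[A-Za-z0-9+/]{27}=", "apache-sha1", True),
    (r"\$apr1\$.+", "apache-md5", True),
    (r"\*[0-9A-Fa-f]{40}", "mysql-password", False),
    (r"[0-9A-Fa-f]{40}", "mysql-sha1-hex", False),
    (r"[0-9A-Fa-f]{32}", "mysql-md5-hex", False),
    (r"[0-9A-Fa-f]{16}", "mysql-old-password", False),
    (r"[./0-9A-Za-z]{13}", "crypt-des", True),  # what ENCRYPT() returns
]

def classify(stored):
    """Return (format name, Apache-readable?) for a stored hash string."""
    for pattern, name, readable in FORMATS:
        if re.fullmatch(pattern, stored):
            return name, readable
    return "unknown", False

if __name__ == "__main__":
    pw = "password"  # constructed sample input
    for value in (mysql_sha1(pw), mysql_password(pw), apache_sha(pw)):
        print(f"{value:45} {classify(value)}")
    print(hex_to_apache_sha(mysql_sha1(pw)))
```

A value fetched with trailing spaces matches none of the patterns and is reported as `unknown`, which is the case the `TRIM()` suggestion addresses.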



