On Tue, 30 Apr 2013 10:31:07 -0400, Ben Johnson <b...@indietorrent.org> wrote:
> > >On 4/30/2013 9:06 AM, Bo Berglund wrote: >> I have a local Apache 2.2 server on my development PC. It is running >> on Windows7X64. >> Some of our folders are protected and we use .htpasswd files to >> authenticate the users with CRYPT-ed passwords. >> THe whole website is version controlled in CVS and I work on a checked >> out copy of the website. >> >> Now I need to develop some PHP scripts and these need to know which >> user is logged on so for debugging I must get the authentication >> going. >> But so far I have been out of luck using the file with CRYPT:ed >> passwords. >> >> I discovered: >> If I use the htpasswd command to create a password on the Win7 box it >> seems to totally disregard the command line switch to make a CRYPT >> password, instead it always forces use of MD5. >> >> On the real server (at Network Solutions) the normal .htpasswd file >> works just fine. >> >> How can I make Apache2.2 on Win7X64 use the existing passwords so I >> can continue developing the PHP scripts? >> >> > >Hi, Bo, > >While I can't identify the cause of your issue readily, I can suggest a >fine alternative: use database authentication instead. > >Here's an excerpt from a blog comment that I wrote some time ago; it >should steer you in the right direction if you are open to my suggestion. > >From: >http://www.pitr.net/index.php/2007/08/08/internal-error-pcfg_openfile-called-with-null-filename/ >--------------------------------------------------------------- >[...] Windows users do not have the ability to specify "AuthUserFile >/dev/null". Furthermore, that is an undesirable solution (as others have >noted). This is the appropriate method, provided as a complete example: > ><Directory /> > Options FollowSymLinks > AllowOverride None > Order deny,allow > Deny from all > Satisfy all > AuthBasicProvider dbm > AuthDBMType SDBM > AuthName "Protected Area" > AuthType Basic > AuthDBMUserFile "D:/Program Files/Apache/passwords.dat" > require valid-user ></Directory> > >Obviously, "AuthBasicProvider" and "AuthDBMType" must reflect the >correct values for your system (available types for "AuthDBMType" are: >default|SDBM|GDBM|NDBM|DB). See >http://httpd.apache.org/docs/2.0/mod/mod_auth_dbm.html and >http://httpd.apache.org/docs/2.1/mod/mod_auth_basic.html for additional >information. > >The above example functions as expected with Apache 2.2.6 on Windows 7 >x86. "passwords.dat" should be created with something like this: > >> D:\Program Files\apache\bin>htdbm -cs "D:\Program >Files\Apache\passwords.dat" yourname > >Note also that, according to the mod_auth_basic manual page (cited >above), setting "AuthBasicAuthoritative" to "Off" "... should only be >necessary when combining mod_auth_basic with third-party modules that >are not configured with the AuthBasicProvider directive." > >Thanks to everyone here for the assistance in getting this to work >properly (under Windows, no less). >--------------------------------------------------------------- > >Happy to answer any questions! Good luck! > >-Ben Well, I cannot easily change the authentication method at all because the "real" website uses CRYPT passwords and we also have a lot of software in-house that updates these .htpasswd files with new user logins when new customers are granted access to the protected parts of the site. I have no idea how I could generate MD5 passwords in my software so I am stuck with CRYPT (which I can create). Note that if this is changed I need to do the same on all of the protected folders on the real site... What I wanted to do was use my own Win7 PC with a mirror image of the website in such a way that I can test all aspects of the PHP scripts before committing to the real world site. So the mirror must be working the same way as the real site. Seems like I must get a Linux box and install Apache there (it is probably already installed out of the box) and then use that as a test tool. But then I can't directly test the files as they are edited, they have to be transferred over to the Linux server first, what a hassle! Sigh, have to think of another solution obviously. -- Bo Berglund Developer in Sweden --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
