httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Brian J. France" <l...@firehawksystems.com>
Subject Re: mod_authn_dbd and apr_password_validate
Date Sat, 06 Jan 2007 19:59:47 GMT
On Jan 6, 2007, at 1:48 PM, Patrick Welche wrote:
> /*
>  * Validate a plaintext password against a smashed one.  Uses either
>  * crypt() (if available) or apr_md5_encode() or apr_sha1_base64(),  
> depending
>  * upon the format of the smashed input password.  Returns  
> APR_SUCCESS if
>  * they match, or APR_EMISMATCH if they don't.  If the platform  
> doesn't
>  * support crypt, then the default check is against a clear text  
> string.
>  */
> APU_DECLARE(apr_status_t) apr_password_validate(const char *passwd,
>                                                 const char *hash)
>
>
> but here, it looks as though we have to validate a plaintext  
> password against
> a plaintext password.
>
> What am I missing?

That mod_authn_dbd is assuming your database password is not plain  
text, but smashed (crypt, md5, sh1).  I ran into the same issue and  
created this:

   http://www.brianfrance.com/software/apache/mod_authn_dbd.c.diff

Apply the patch and add this to your config:

   AuthDBDPlainTextPasswords on

and you should be set.

Brian



Mime
View raw message