httpd-dev mailing list archives

From Ruediger Pluem <rpl...@apache.org>
Subject Re: mod_authn_dbd and apr_password_validate
Date Mon, 08 Jan 2007 21:02:22 GMT


On 01/08/2007 05:08 PM, Patrick Welche wrote:

> 
> 
> First an apology for posting to dev: I thought there was at least a
> documentation issue, but no:
> 
> AuthDBDUserPWQuery Directive
> ...
>    SQL varchar) argument (username), and return a single value (encrypted
>    password).                                                   ^^^^^^^^^
> 
> I am still searching for a way to get an encrypted password to be accepted.
> With
> 
> AuthDBDUserPWQuery "select md5(prefname) from person where userid=%s"
> 
> I get
> 
> [Mon Jan 08 16:04:41 2007] [error] [client ::1] (-1)Unknown error: 4294967295: Comparing "Patrick" with "f87567f2159b425795ebb7ba9bc406ec"
> [Mon Jan 08 16:04:41 2007] [error] [client ::1] user prlw1: authentication failure for "/webfolder": Password Mismatch

apr_password_validate or better apr_md5_encode does not simply apply MD5 to the password,
but mixes it with a salt.
Furthermore the password hash needs to start with a 'marker' string to inform
apr_password_validate which hash algorithm it should use. If none is specified it falls
back to crypt.

> 
> and with
> 
> AuthDBDUserPWQuery "select encode(digest(prefname,'sha1'),'hex') from person where userid=%s"

From my quick view at the apr-util code I would guess that the following should work:

AuthDBDUserPWQuery "select '{SHA}'||encode(digest(prefname,'sha1'),'hex') from person where userid=%s"

Regards

Rüdiger
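
The marker-based dispatch described in this message, as an added example that is not part of the original post and is not apr-util code. The marker strings `$apr1$` and `{SHA}` and the base64 encoding of the raw SHA-1 digest follow apr-util's stored-hash formats; the function names are hypothetical. It lets you check which scheme a value returned by AuthDBDUserPWQuery would be validated under, and compares the base64 and hex encodings of the same digest.

```python
import base64
import hashlib
import hmac

APR1_ID = "$apr1$"  # marker for apr-util's salted, iterated MD5 (apr_md5_encode)
SHA1_ID = "{SHA}"   # marker for apr-util's unsalted SHA-1 format


def scheme_of(stored: str) -> str:
    """Return the scheme a stored value selects, based on its marker."""
    if stored.startswith(APR1_ID):
        return "apr1-md5"
    if stored.startswith(SHA1_ID):
        return "sha1-base64"
    # No recognised marker: the value is handed to crypt(), as the message says.
    return "crypt"


def apr_sha1(password: str) -> str:
    """Build the {SHA} form: marker + base64 of the raw 20-byte digest."""
    digest = hashlib.sha1(password.encode("utf-8")).digest()
    return SHA1_ID + base64.b64encode(digest).decode("ascii")


def hex_sha1(password: str) -> str:
    """Same digest, hex-encoded behind the marker (for comparison only)."""
    return SHA1_ID + hashlib.sha1(password.encode("utf-8")).hexdigest()


def validate_sha1(password: str, stored: str) -> bool:
    """Validate a password against a {SHA} value with a constant-time compare."""
    if scheme_of(stored) != "sha1-base64":
        return False
    return hmac.compare_digest(apr_sha1(password), stored)


if __name__ == "__main__":
    # Constructed sample values; the bare MD5 hex string is the one in the log above.
    samples = [
        "f87567f2159b425795ebb7ba9bc406ec",
        apr_sha1("password"),
        hex_sha1("password"),
    ]
    for stored in samples:
        ok = validate_sha1("password", stored)
        print(f"{stored:50} scheme={scheme_of(stored):12} valid={ok}")
```

The `{SHA}` format is unsalted, so identical passwords produce identical stored values; the salted `$apr1$` format avoids that.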
