httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Nick Gearls <nickgea...@gmail.com>
Subject FakeBasicAuth changes
Date Wed, 26 Sep 2007 16:06:52 GMT
Did something change in 2.2.6 regarding FakeBasicAuth ?
I always get now 'user /...: authentication failure for "/path/": 
Password Mismatch'.
It worked with version 2.0.59, with the same config (see below).
Does 2.2.6 it use another hash algorithm by default or so ?

In the debug log, I can find:
   Faking HTTP Basic Auth header: "Authorization: Basic 
L0M9QkUvU1Q9QmVsZ2l1bS9MPUJydXNzZWxzL089QXBwcm9hY2ggQmVsZ2l1bS9PVT1BcGFjaGUgdGVzdCBjZXJ0aWZpY2F0ZS9DTj0xMjcuMC4wLjE6cGFzc3dvcmQ="

What is this header contents ? Isn't it supposed to be base64 ? I cannot 
decode it.

Thanks

Nick

SSLVerifyClient require
<Location "/">
 SSLRequireSSL
 SSLOptions +FakeBasicAuth
 Authname "NSA protected site for countries"
 AuthType Basic
 AuthUserFile conf/users.auth
 Require valid-user
</Location>

user.auth (DN coming from OpenSSL):
/...:xxj31ZMTZzkVA


Mime
View raw message