httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Nick Gearls <nickgea...@gmail.com>
Subject Re: FakeBasicAuth changes
Date Fri, 28 Sep 2007 07:15:01 GMT
Additional info: I also tried without FakeBasicAuth, to have the 
interactive password box, and with another user 'frank' and the password 
'sinatra'.
Depending on my password file, I get the following errors:
    - frank:mlVo7KaArYZhg
      -> dialog box -> frank/sinatra
      -> user frank: authentication failure: Password Mismatch
    - frank:$apr1$9U1.....$C.5OJhZ4UxxM9SIzv4XAY0
      -> no dialog box
      -> configuration error:  couldn't check access.  No groups file?
    - frank:{SHA}7DUut/wAuxmp4mKiKKNr9eEUeG0=
      -> no dialog box
      -> configuration error:  couldn't check access.  No groups file?
So, MD5 & SHA-1 are not supported.

With FakeBasicAuth, I get exactly the same password error:
user /C=BE/ST=Belgium/...: authentication failure: Password Mismatch

It seems that the CRYPT algorithm that is used is not compatible with 
the previous versions !?!
When I try 'htpasswd.exe -nbd', it responds 'Automatically using MD5 
format'.
I use OpenSSL 0.9.8e.


Nick Gearls wrote:
> I tried both MD5 and SHA-1 passwords.
> I'm on Windows XP/2003.
> 
>>> I always get 'user /...: authentication failure for "/path/":
>>> Password Mismatch', although my password file looks correct:
>>>  /C=BE/ST=Belgium/L=Brussels/O=Approach Belgium/OU=Apache test
>>> certificate/CN=127.0.0.1:xxj31ZMTZzkVA
>>>
>>> Does 2.2.6 it use another hash algorithm by default or so ?
>>
>> 1. What is your platform?
>> 2. Have you tried with the md5 password 
>> ($apr1$nvFsZ/..$kPIYJ444oUVBALuYT2nZJ0)
>>    or the SHA password ({SHA}W6ph5Mm5Pz8GgiULbPgzG37mj9g=)?

Mime
View raw message