Return-Path: Delivered-To: apmail-httpd-dev-archive@www.apache.org Received: (qmail 27305 invoked from network); 28 Sep 2007 07:15:40 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2) by minotaur.apache.org with SMTP; 28 Sep 2007 07:15:40 -0000 Received: (qmail 49628 invoked by uid 500); 28 Sep 2007 07:15:26 -0000 Delivered-To: apmail-httpd-dev-archive@httpd.apache.org Received: (qmail 49569 invoked by uid 500); 28 Sep 2007 07:15:26 -0000 Mailing-List: contact dev-help@httpd.apache.org; run by ezmlm Precedence: bulk Reply-To: dev@httpd.apache.org list-help: list-unsubscribe: List-Post: List-Id: Delivered-To: mailing list dev@httpd.apache.org Received: (qmail 49558 invoked by uid 99); 28 Sep 2007 07:15:26 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 28 Sep 2007 00:15:26 -0700 X-ASF-Spam-Status: No, hits=-0.0 required=10.0 tests=SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (athena.apache.org: domain of nickgearls@gmail.com designates 64.233.182.187 as permitted sender) Received: from [64.233.182.187] (HELO nf-out-0910.google.com) (64.233.182.187) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 28 Sep 2007 07:15:27 +0000 Received: by nf-out-0910.google.com with SMTP id c10so1917827nfd for ; Fri, 28 Sep 2007 00:15:06 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:message-id:date:from:user-agent:mime-version:to:subject:references:in-reply-to:content-type:content-transfer-encoding; bh=1oZNi2ZyAv3yqaD9O5NfQElHEXyNJrhlTpv0+yeh1Rg=; b=b/OKv+cy//yeiSjGg1CIHJUYXzl+QqzeK3Oqeh/q+FBPCvhU6E0bdx5v+4nUJG5Qs8LHHNfBGo37NiVA4duaIUiqTwT99LUUNCtIPc31DyfaQFqZVLMWIx/3EzAoQRyUivzymK6W5jHw0rT3Oq7ahPII3ogsalzxSSjfT1bXsvI= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=received:message-id:date:from:user-agent:mime-version:to:subject:references:in-reply-to:content-type:content-transfer-encoding; b=D/HCgX5B+1BTGfBJRvXnT64kJ/xH40XX/VnHrzYIuoxTISxQza/kUbxx8wedHb/hLGPFfEIFzp2vxNM29s28NdvHaZtAYKnEC5FzPgdZBpaI4uJVANVKqQPlDJ4lBfpPltj2WhZGFhuM08gPvsfrhnwTyapGj2UK+BdGRt8OdiI= Received: by 10.78.185.15 with SMTP id i15mr2693165huf.1190963706018; Fri, 28 Sep 2007 00:15:06 -0700 (PDT) Received: from ?10.129.16.101? ( [194.7.54.18]) by mx.google.com with ESMTPS id k9sm2269123nfh.2007.09.28.00.15.03 (version=TLSv1/SSLv3 cipher=RC4-MD5); Fri, 28 Sep 2007 00:15:03 -0700 (PDT) Message-ID: <46FCA9F5.3090402@gmail.com> Date: Fri, 28 Sep 2007 09:15:01 +0200 From: Nick Gearls User-Agent: Thunderbird 2.0.0.6 (Windows/20070728) MIME-Version: 1.0 To: dev@httpd.apache.org Subject: Re: FakeBasicAuth changes References: <46FA839C.2090500@gmail.com> <1190879881.25267.5.camel@henriknordstrom.net> <46FA81B5.3030809@gmail.com> <46FBCF42.2030201@apache.org> <46FBD218.80002@gmail.com> In-Reply-To: <46FBD218.80002@gmail.com> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Virus-Checked: Checked by ClamAV on apache.org Additional info: I also tried without FakeBasicAuth, to have the interactive password box, and with another user 'frank' and the password 'sinatra'. Depending on my password file, I get the following errors: - frank:mlVo7KaArYZhg -> dialog box -> frank/sinatra -> user frank: authentication failure: Password Mismatch - frank:$apr1$9U1.....$C.5OJhZ4UxxM9SIzv4XAY0 -> no dialog box -> configuration error: couldn't check access. No groups file? - frank:{SHA}7DUut/wAuxmp4mKiKKNr9eEUeG0= -> no dialog box -> configuration error: couldn't check access. No groups file? So, MD5 & SHA-1 are not supported. With FakeBasicAuth, I get exactly the same password error: user /C=BE/ST=Belgium/...: authentication failure: Password Mismatch It seems that the CRYPT algorithm that is used is not compatible with the previous versions !?! When I try 'htpasswd.exe -nbd', it responds 'Automatically using MD5 format'. I use OpenSSL 0.9.8e. Nick Gearls wrote: > I tried both MD5 and SHA-1 passwords. > I'm on Windows XP/2003. > >>> I always get 'user /...: authentication failure for "/path/": >>> Password Mismatch', although my password file looks correct: >>> /C=BE/ST=Belgium/L=Brussels/O=Approach Belgium/OU=Apache test >>> certificate/CN=127.0.0.1:xxj31ZMTZzkVA >>> >>> Does 2.2.6 it use another hash algorithm by default or so ? >> >> 1. What is your platform? >> 2. Have you tried with the md5 password >> ($apr1$nvFsZ/..$kPIYJ444oUVBALuYT2nZJ0) >> or the SHA password ({SHA}W6ph5Mm5Pz8GgiULbPgzG37mj9g=)?