httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Matthieu MARC <matthieu.m...@wanadoo.fr>
Subject [users@httpd] SHA1 and user authentication
Date Sat, 30 Aug 2003 10:41:53 GMT

Hi everybody,

-> My goal is the authenticate users using SHA1 (can't choose others 
algos, I have to integrate myself without another software). and htpasswd.

-> My server is runnig RedHat 8.0  with provide only Apache 2.0 (!).

-> My problem is that authentication using SHA1 does not work (for me) 
at all with Apache 2.0.


Additionnal informations :

I configure authentication using an .htaccess file

    <begin htaccess>
    ...
    AuthType Basic
    AuthUserFile /etc/httpd/password.ht
    ...
    <end>

In the password file :

    <begin password.ht>
    ...
    test:blxA9o3e7zFxg
    test2:{SHA}qUqP5cyxm6YcTAhz05Hph5gvu9M=
    ...
    <end>

both password are 'test', first one is in apache MD5, the second in SHA1 
base64.

Command used to make the file are :
    $ htpasswd /etc/httpd/nagios.htpasswd test
    $ htpasswd -s /etc/httpd/nagios.htpasswd test2

Only the first password work.


I tried using the same configuration with Apache 1.3.2x on another 
system and it worked (both password).

The first solution is to use apache 1.3.2x on redhat80, but because of 
lack of some lib (mm for example), it is not easy to compile and package 
the apache 1.3.2x server. I would prefer to use apache 2.0 version.

I tried also the same configuration with Apache 2.0 on debian system, 
and it does not work.


Resume :

     authenticating user with SHA1 work only with apache 1.3.x
    i didn't manage to make it work with apache 2.0 on any system (I 
presume).


Is the feature broken in apache 2.0 ?
Is the configuration change ?

Thanks for help

--
Matthieu MARC
matthieu.marc_AT_wanadoo.fr







---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message