httpd-users mailing list archives

From paredes <pare...@aecom.yu.edu>
Subject Re: [users@httpd] DBDmysql connecting but not authenticating
Date Mon, 07 Jan 2008 22:23:30 GMT
Hi Tom!

Thanks for the pointers. After much systematic experimenting I 
discovered that when I entered users & passwords with the mysql command 
line using password(), encrypt(), sha1() or old_password, only encrypt() 
was readable by apache authentication. Then I entered users and 
passwords using apache's htpasswd to generate md5, sha1 and crypt, and 
apache was able to authenticate those.

So, much to my surprise, mysql's sha1 and md5 produce an encryption not 
readable by apache. I was under the assumption that all sha1 and md5 
encryptions were the same across all applications!

This is an example of a mysql produced sha1:
*A34CDEEEE1232ACBCBCDD4D4D3D2D12341ACACE3
This is an example of an htpasswd produced sha1:
{SHA1}6u5F+11u1xNIBuFBh+X+sydW+4=

Regards,
-Bill

Tom Donovan wrote:
> paredes wrote:
>> Greetings!
>> I've been running OS-X 10.3.9, with apache2.2.3 [ldap w/failover to
>> mod_authn_dbd], mysql5.0.3x & php5.1 all built from source. I've just
>> upgraded our test server to OSX 10.5, apache2.2.6 & mysql5.0.51. The
>> problem is that while the DBDDriver connects it refuses to authenticate
>> valid users. The apache logs which are set to debug return:
>> "user jones: authentication failure for "/ProtectedArea": Password 
>> Mismatch"
>> When I deliberately provide an unknown user the logs return: "user mary
>> not found: /ProtectedArea"
>>
> It sounds like you are getting *something* returned by your 
> authentication query, just not the exact password hash.
>
> Possibly the problem is trailing spaces.  The behavior of MySQL CHAR 
> and VARCHAR fields for trailing spaces has changed over time per 
> http://dev.mysql.com/doc/refman/5.0/en/char.html
>
> Try a SQL statement like:  "SELECT TRIM(password_field) FROM 
> user_table WHERE user_field = %s"
> instead of:  "SELECT password_field FROM user_table WHERE user_field = 
> %s"
>
> Additional clues might be found by enabling MySQL logging per:
>   http://dev.mysql.com/doc/refman/5.0/en/query-log.html
> and checking what your SQL statement actually looks like to MySQL.
>
> -tom-
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server 
> Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>   "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>


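Added example, not part of the original message and not code from Apache or MySQL: the stored formats discussed in this thread, computed side by side for the same password. It relies on the documented encodings (MySQL `SHA1()` returns hex, MySQL 4.1+ `PASSWORD()` returns `*` plus the hex of a double SHA-1, `htpasswd -s` stores `{SHA}` plus base64 of the raw digest); the function names are illustrative.

```python
import base64
import binascii
import hashlib
import re


def mysql_sha1(password: str) -> str:
    """Value MySQL's SHA1('...') returns: 40 lowercase hex digits."""
    return hashlib.sha1(password.encode()).hexdigest()


def mysql_password(password: str) -> str:
    """Value MySQL 4.1+ PASSWORD('...') returns: '*' + upper-hex SHA1(SHA1(pw))."""
    inner = hashlib.sha1(password.encode()).digest()
    return "*" + hashlib.sha1(inner).hexdigest().upper()


def apache_sha(password: str) -> str:
    """Value `htpasswd -s` stores: '{SHA}' + base64 of the raw 20-byte digest."""
    digest = hashlib.sha1(password.encode()).digest()
    return "{SHA}" + base64.b64encode(digest).decode()


def hex_to_apache_sha(hex_digest: str) -> str:
    """Re-encode an existing SHA1() hex column value into the {SHA} form."""
    raw = binascii.unhexlify(hex_digest.strip())  # strip() drops padding spaces
    if len(raw) != 20:
        raise ValueError("not a SHA-1 digest")
    return "{SHA}" + base64.b64encode(raw).decode()


def classify(stored: str) -> str:
    """Guess which format a stored password column value is in."""
    s = stored.strip()
    if s.startswith("{SHA}"):
        return "apache-sha1-base64"
    if s.startswith("$apr1$"):
        return "apache-md5 (salted, htpasswd -m)"
    if re.fullmatch(r"\*[0-9A-Fa-f]{40}", s):
        return "mysql-password (double SHA-1, not convertible)"
    if re.fullmatch(r"[0-9a-fA-F]{40}", s):
        return "sha1-hex (convertible with hex_to_apache_sha)"
    if re.fullmatch(r"[0-9a-fA-F]{32}", s):
        return "md5-hex (unsalted; differs from htpasswd -m)"
    return "crypt-or-unknown"
```

A plain `SHA1()` hex value carries the same digest as the `{SHA}` form and can be re-encoded; a `PASSWORD()` value cannot, because it is a hash of the hash.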

