Return-Path: X-Original-To: apmail-httpd-users-archive@www.apache.org Delivered-To: apmail-httpd-users-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id D555AD98D for ; Mon, 19 Nov 2012 15:28:17 +0000 (UTC) Received: (qmail 14608 invoked by uid 500); 19 Nov 2012 15:28:14 -0000 Delivered-To: apmail-httpd-users-archive@httpd.apache.org Received: (qmail 14566 invoked by uid 500); 19 Nov 2012 15:28:14 -0000 Mailing-List: contact users-help@httpd.apache.org; run by ezmlm Precedence: bulk Reply-To: users@httpd.apache.org list-help: list-unsubscribe: List-Post: List-Id: Delivered-To: mailing list users@httpd.apache.org Received: (qmail 14536 invoked by uid 99); 19 Nov 2012 15:28:13 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 19 Nov 2012 15:28:13 +0000 X-ASF-Spam-Status: No, hits=1.5 required=5.0 tests=HTML_MESSAGE,RCVD_IN_DNSWL_LOW,SPF_PASS,WEIRD_QUOTING X-Spam-Check-By: apache.org Received-SPF: pass (athena.apache.org: domain of info@finesec.com designates 209.85.214.45 as permitted sender) Received: from [209.85.214.45] (HELO mail-bk0-f45.google.com) (209.85.214.45) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 19 Nov 2012 15:28:08 +0000 Received: by mail-bk0-f45.google.com with SMTP id jk13so1257884bkc.18 for ; Mon, 19 Nov 2012 07:27:45 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:x-originating-ip:in-reply-to:references:date :message-id:subject:from:to:content-type:x-gm-message-state; bh=5O2Wn3sjSenw+OySlALJi6u2BCyYd7kVlupQW4Yz11g=; b=FL/EhSPMnEno9cSNVxnrVZUx7IDv2RzNofPwtNNy34JEphmCHLsQPbbDe3fSYj+IvJ cke2DNI1VZmYrvOYuIl3IX1Dk1lQ54NRzjCS3imjZusMT7c3iPpR9iQCSm82W4CYtGHJ YmA71bdB5+5BCu84Uez5SJ8gttBmAb8G06Te7Zq1J7SGOG0vzJA4jkg3JMHyXHqZclXy p/uH5CnbK7wbDc0dtKKx5H9/MfsHtiYY1MYnA12+J94khbNNtc/EmTY4rgBjZlRAsaqd OvoBEJKruVeqS9H1EKpCQuH/ihK0MDDbIpEcswMTS+Mi2FEfHdQiWF58zv+NvhYHbWTQ BQvA== MIME-Version: 1.0 Received: by 10.204.131.76 with SMTP id w12mr1325529bks.44.1353338865332; Mon, 19 Nov 2012 07:27:45 -0800 (PST) Received: by 10.204.226.145 with HTTP; Mon, 19 Nov 2012 07:27:44 -0800 (PST) X-Originating-IP: [79.185.190.181] In-Reply-To: <25350807.358311.1353337816968.JavaMail.root@brainsware.org> References: <1900700624.354295.1353249586396.JavaMail.root@brainsware.org> <2040262748.357074.1353316173542.JavaMail.root@brainsware.org> <25350807.358311.1353337816968.JavaMail.root@brainsware.org> Date: Mon, 19 Nov 2012 16:27:44 +0100 Message-ID: From: FINESEC To: users@httpd.apache.org Content-Type: multipart/alternative; boundary=00151747c15454308504cedac2f4 X-Gm-Message-State: ALoCoQkEu+FRxb4/H14coj1ei3qXno8gMMTeFtJKvQdHpHBKzm5a6SpBiNuISI3x5cPVDWogtQO+ X-Virus-Checked: Checked by ClamAV on apache.org Subject: Re: [users@httpd] Apache 2.2 authentication against a Mysql Database --00151747c15454308504cedac2f4 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Hello, Apache doesn't support password hashes generated by mysql. Use htpasswd or openssl to generate hashes that are supported by apache: htpasswd -nbm username password openssl passwd -apr1 password Adam Black, FINESEC.COM - authentication software for Apache On Mon, Nov 19, 2012 at 4:10 PM, Igor Gali=C4=87 w= rote: > > > ----- Original Message ----- > > Hello, > > > > When I inserted the user in to the mysql database I have a field > > called password it's a varchar(64) field. For the password value I > > used mysql's sha function so the entry looked like: > > > > sha('password') > > > > won the insert line. > > > > I'm not sure if that answers your question. > > Let me repeat my last question: Does the password look like httpd > expects the password to look? > > Now, let me quote from the document > ( http://httpd.apache.org/docs/2.2/misc/password_encryptions.html ) > I linked: > > """" > SHA1 > > $ htpasswd -nbs myName myPassword > myName:{SHA}VBPuJHI7uixaa6LQGWx4s+5GKNE=3D > """" > > Does your password look like this? > > {SHA}VBPuJHI7uixaa6LQGWx4s+5GKNE=3D > > > i > > -- > Igor Gali=C4=87 > > Tel: +43 (0) 664 886 22 883 > Mail: i.galic@brainsware.org > URL: http://brainsware.org/ > GPG: 6880 4155 74BD FD7C B515 2EA5 4B1D 9E08 A097 C9AE > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org > For additional commands, e-mail: users-help@httpd.apache.org > > --00151747c15454308504cedac2f4 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable
Hello,

Apache doesn't support password hashes = generated by mysql. Use htpasswd or openssl to generate hashes that are sup= ported by apache:

htpasswd -nbm username password
openssl passwd -apr1 password

Adam Black,
FINESEC.COM=C2=A0- authentication= software for Apache

On Mon, Nov 1= 9, 2012 at 4:10 PM, Igor Gali=C4=87 <i.galic@brainsware.org> wrote:


----- Original Message -----
> Hello,
>
> When I inserted the user in to the mysql datab= ase I have a field
> called password it's a varchar(64) field. For the password value I=
> used mysql's sha function so the entry looked like:
>
> sha('password')
>
> won the insert line.
>
> I'm not sure if that answers your question.

Let me repeat my last question: Does the password look like httpd
expects the password to look?

Now, let me quote from the document
( http://httpd.apache.org/docs/2.2/misc/password_encrypt= ions.html )
I linked:

""""
SHA1

$ htpasswd -nbs myName myPassword
myName:{SHA}VBPuJHI7uixaa6LQGWx4s+5GKNE=3D
""""

Does your password look like this?

=C2=A0 =C2=A0{SHA}VBPuJHI7uixaa6LQGWx4s+5GKNE=3D


i

--
Igor Gali=C4=87

Tel: +43 (0) 664 886 22 883
Mail: i.galic@brainsware.org<= br> URL: http://brainsware= .org/
GPG: 6880 4155 74BD FD7C B515 =C2=A02EA5 4B1D 9E08 A097 C9AE


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


--00151747c15454308504cedac2f4--