You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by Laurent FAILLIE <l_...@yahoo.com> on 2007/08/18 19:24:47 UTC

[users@httpd] RE : [users@httpd] authn_dbd: what format for encrypted password?

--- Phil Endecott 
> Many thanks for any advice you can offer.

Hi Phil,

My only advice is to not use it as it doesn't work :-(
Stock 2.2.4's dbd is buggy and even with an updated
mod_dbd.c it randomly fails (see bug 42732 /
http://issues.apache.org/bugzilla/show_bug.cgi?id=42732).

As a workaround, I authenticate using PHP.

Best regards,

Laurent

The misspelling master is on the Web.
   _________	100 % Dictionnary Free !
  /        /(
 /  Dico  / /	Pleins d'autres fautes sur
/________/ /	
(#######( /	http://destroyedlolo.homeunix.org
Quoi, des fautes d'orthographe! Pas possible ;-D.


      _____________________________________________________________________________ 
Ne gardez plus qu'une seule adresse mail ! Copiez vos mails vers Yahoo! Mail 

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] authn_dbd: what format for encrypted password? [dbd now broken]

Posted by Phil Endecott <sp...@chezphil.org>.
Dear All,

I'm trying to set up auth with postgresql...

Laurent FAILLIE wrote:
> My only advice is to not use it as it doesn't work :-(

Yesterday I thought it was working, but since then it has fallen apart
and I'm wondering if Laurent might be right after all...

Yesterday I was running 2.2.3 (Debian package).  It was working.  This
evening I upgraded to 2.2.4 (still Debian). (Why? "If it ain't broken,
don't fix it."  I should remember that, but it's too late now.)
Although the rest of the system still works, pgsql auth has failed.

My configuration currently looks like this (slightly edited):

<VirtualHost x.y.z.z:443>
          ServerName xxxxx

          DBDriver pgsql
          DBDParams "dbname=xxxx user=xxxx"
          DBDExptime 100
          DBDKeep 1
          DBDMax 5
          DBDMin 1
          DBDpersist on
          # Note docs say 0|1 for persist, but it actually wants on|off

          DocumentRoot /var/www/xxxx
          <Directory /var/www/xxxx>
                  Options FollowSymLinks MultiViews +ExecCGI +Includes
                  AllowOverride All
                  AddHandler cgi-script cgi
                  DirectoryIndex index
                  Order allow,deny
                  allow from all
                  AddOutputFilterByType DEFLATE text/html text/plain
text/css text/javascript
                  AuthName "xxxx"
                  AuthType basic
                  AuthPAM_Enabled off
                  AuthBasicProvider dbd
                  AuthDBDUserPWQuery "select
'{SHA}'||encode(digest(decode(password_b64,'base64'),'sha1'),'base64')
from users where username=$1 and enabled"
                  require valid-user
          </Directory>

          SSLEngine on
          SSLCertificateFile xxxx

          ErrorLog /var/log/apache2/xxxxx/error.log
          LogLevel warn

          CustomLog /var/log/apache2/xxxx/access.log combined
          ServerSignature On

</VirtualHost>


Yesterday I had "DBDpersist off", and no exptime, keep, min or max
parameters.  I tried that at first with 2.2.4, with the following symptoms:

In the error log:
[Mon Aug 20 23:52:14 2007] [error] [client 86.6.8.194] No DBD Authn configured!

In the postgresql log, I see a connection, authorisation and immediate
disconnection, without any query being executed:

2007-08-20 23:52:30 BST LOG:  connection received: host=[local]
2007-08-20 23:52:30 BST LOG:  connection authorized: user=xxxx database=xxxx
2007-08-20 23:52:30 BST LOG:  disconnection: session time: 0:00:00.040
user=xxxx database=xxxx host=[local]

I then tried the "persist on" settings shown above.  This fails in a
different way.  Nothing else in this configuration has changed since it
was working yesterday with 2.2.3, and the postgresql configuration has
not changed.

With "persist on", the symptom is that I see this in the error log:
[Mon Aug 20 23:12:29 2007] [error] [client 86.6.8.194] Error looking up
phil in database

In the postgresql log, I see *nothing at all*.  This log records
something even if I just telnet to the right port number, which makes
me think that Apache isn't attempting to connect at all.  I have tried
to debug with strace, and although it's hard to see what is going on I
can't see any attempts to open a database connection.  lsof -i and lsof
-U don't appear to show any connection either.


So: Can anyone see anything obviously wrong with the configuration
shown above?  I'm aware that there may be some known issues with this
stuff, but are there any known *regressions* from 2.2.3 to 2.2.4?  Was
I just lucky before?  How can I debug further?  Is there a way to get
verbose debug out of mod_dbd?  (I have tried "loglevel debug" but that
doesn't add anything.)


Many thanks for any advice.

Phil.








---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] RE : [users@httpd] authn_dbd: what format for encrypted password?

Posted by Tom Donovan <do...@bellatlantic.net>.
Laurent FAILLIE wrote:
> --- Phil Endecott 
>> Many thanks for any advice you can offer.
> 
> Hi Phil,
> 
> My only advice is to not use it as it doesn't work :-(
> Stock 2.2.4's dbd is buggy and even with an updated
> mod_dbd.c it randomly fails (see bug 42732 /
> http://issues.apache.org/bugzilla/show_bug.cgi?id=42732).
> 

I disagree.  I use mod_dbd with Apache 2.2.4 on both Windows & Linux 
with success. I don't use it with PostgreSQL in production (although I 
have tested with PostgreSQL and found no problems).

I have not experienced random failures (...so far...)

I always apply the patch from comment #22 in bug 39985
  http://issues.apache.org/bugzilla/show_bug.cgi?id=39985#c22

For sites where idle connections may time out, I also apply the patch 
that I proposed in APR bug 42841
   http://issues.apache.org/bugzilla/show_bug.cgi?id=42841
Be careful with this one.  It hasn't been accepted by the APR folks, and 
there's really no indication that it ever will be.

re: documenting the Apache password stuff in the WIKI.
Sure, I will get this done in a day or two.

-tom-





---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org