Posted to users@httpd.apache.org by Laurent FAILLIE <l_...@yahoo.com> on 2007/08/18 19:24:47 UTC
[users@httpd] RE : [users@httpd] authn_dbd: what format for encrypted password?
--- Phil Endecott
> Many thanks for any advice you can offer.
Hi Phil,
My only advice is to not use it as it doesn't work :-(
Stock 2.2.4's dbd is buggy and even with an updated
mod_dbd.c it randomly fails (see bug 42732 /
http://issues.apache.org/bugzilla/show_bug.cgi?id=42732).
As a workaround, I authenticate using PHP.
Best regards,
Laurent
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] authn_dbd: what format for encrypted password? [dbd now broken]
Posted by Phil Endecott <sp...@chezphil.org>.
Dear All,
I'm trying to set up auth with postgresql...
Laurent FAILLIE wrote:
> My only advice is to not use it as it doesn't work :-(
Yesterday I thought it was working, but since then it has fallen apart
and I'm wondering if Laurent might be right after all...
Yesterday I was running 2.2.3 (Debian package). It was working. This
evening I upgraded to 2.2.4 (still Debian). (Why? "If it ain't broken,
don't fix it." I should remember that, but it's too late now.)
Although the rest of the system still works, pgsql auth has failed.
My configuration currently looks like this (slightly edited):
    <VirtualHost x.y.z.z:443>
        ServerName xxxxx
        DBDriver pgsql
        DBDParams "dbname=xxxx user=xxxx"
        DBDExptime 100
        DBDKeep 1
        DBDMax 5
        DBDMin 1
        DBDpersist on
        # Note docs say 0|1 for persist, but it actually wants on|off
        DocumentRoot /var/www/xxxx
        <Directory /var/www/xxxx>
            Options FollowSymLinks MultiViews +ExecCGI +Includes
            AllowOverride All
            AddHandler cgi-script cgi
            DirectoryIndex index
            Order allow,deny
            allow from all
            AddOutputFilterByType DEFLATE text/html text/plain text/css text/javascript
            AuthName "xxxx"
            AuthType basic
            AuthPAM_Enabled off
            AuthBasicProvider dbd
            AuthDBDUserPWQuery "select '{SHA}'||encode(digest(decode(password_b64,'base64'),'sha1'),'base64') from users where username=$1 and enabled"
            require valid-user
        </Directory>
        SSLEngine on
        SSLCertificateFile xxxx
        ErrorLog /var/log/apache2/xxxxx/error.log
        LogLevel warn
        CustomLog /var/log/apache2/xxxx/access.log combined
        ServerSignature On
    </VirtualHost>
Yesterday I had "DBDpersist off", and no exptime, keep, min or max
parameters. I tried that at first with 2.2.4, with the following symptoms:
In the error log:
[Mon Aug 20 23:52:14 2007] [error] [client 86.6.8.194] No DBD Authn configured!
In the postgresql log, I see a connection, authorisation and immediate
disconnection, without any query being executed:
2007-08-20 23:52:30 BST LOG: connection received: host=[local]
2007-08-20 23:52:30 BST LOG: connection authorized: user=xxxx database=xxxx
2007-08-20 23:52:30 BST LOG: disconnection: session time: 0:00:00.040 user=xxxx database=xxxx host=[local]
I then tried the "persist on" settings shown above. This fails in a
different way. Nothing else in this configuration has changed since it
was working yesterday with 2.2.3, and the postgresql configuration has
not changed.
With "persist on", the symptom is that I see this in the error log:
[Mon Aug 20 23:12:29 2007] [error] [client 86.6.8.194] Error looking up phil in database
In the postgresql log, I see *nothing at all*. This log records
something even if I just telnet to the right port number, which makes
me think that Apache isn't attempting to connect at all. I have tried
to debug with strace, and although it's hard to see what is going on I
can't see any attempts to open a database connection. lsof -i and lsof
-U don't appear to show any connection either.
So: Can anyone see anything obviously wrong with the configuration
shown above? I'm aware that there may be some known issues with this
stuff, but are there any known *regressions* from 2.2.3 to 2.2.4? Was
I just lucky before? How can I debug further? Is there a way to get
verbose debug out of mod_dbd? (I have tried "loglevel debug" but that
doesn't add anything.)
Many thanks for any advice.
Phil.
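Added example, not part of the original thread and not Apache's own code: a Python model of what the AuthDBDUserPWQuery in the message above returns and how a {SHA} value is matched against the Basic credential. The user table contents and all function names are constructed for illustration.

```python
import base64
import hashlib
import hmac

def apache_sha(password: bytes) -> str:
    """Apache's {SHA} scheme: the prefix plus base64 of the raw SHA-1 digest."""
    return "{SHA}" + base64.b64encode(hashlib.sha1(password).digest()).decode("ascii")

def query_result(users: dict, username: str):
    """Stand-in for the AuthDBDUserPWQuery in the post:
    select '{SHA}'||encode(digest(decode(password_b64,'base64'),'sha1'),'base64')
    from users where username=$1 and enabled
    Returns None when no row matches (unknown or disabled user)."""
    row = users.get(username)
    if row is None or not row["enabled"]:
        return None
    # password_b64 holds the base64 of the cleartext password, so the
    # hash is derived at query time rather than stored.
    return apache_sha(base64.b64decode(row["password_b64"], validate=True))

def parse_basic(header: str):
    """Split an 'Authorization: Basic ...' value into (user, password)."""
    scheme, _, token = header.partition(" ")
    if scheme.lower() != "basic":
        raise ValueError("not a Basic credential")
    decoded = base64.b64decode(token.strip(), validate=True)
    user, sep, password = decoded.partition(b":")
    if not sep:
        raise ValueError("missing ':' separator")
    return user.decode("utf-8"), password

def authenticate(users: dict, header: str) -> bool:
    """Compare the query's {SHA} string with the one derived from the request."""
    user, password = parse_basic(header)
    expected = query_result(users, user)
    if expected is None:
        return False
    return hmac.compare_digest(expected, apache_sha(password))

# Constructed sample data, not taken from the thread.
USERS = {
    "phil": {"password_b64": base64.b64encode(b"password").decode(), "enabled": True},
    "old": {"password_b64": base64.b64encode(b"password").decode(), "enabled": False},
}

def basic(user: str, password: str) -> str:
    """Build a Basic credential value for the constructed test users."""
    return "Basic " + base64.b64encode(f"{user}:{password}".encode()).decode()
```

The {SHA} format is unsalted SHA-1, and because password_b64 decodes directly to the cleartext, anyone who can read the users table can recover every password.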
Re: [users@httpd] RE : [users@httpd] authn_dbd: what format for encrypted password?
Posted by Tom Donovan <do...@bellatlantic.net>.
Laurent FAILLIE wrote:
> --- Phil Endecott
>> Many thanks for any advice you can offer.
>
> Hi Phil,
>
> My only advice is to not use it as it doesn't work :-(
> Stock 2.2.4's dbd is buggy and even with an updated
> mod_dbd.c it randomly fails (see bug 42732 /
> http://issues.apache.org/bugzilla/show_bug.cgi?id=42732).
>
I disagree. I use mod_dbd with Apache 2.2.4 on both Windows & Linux
with success. I don't use it with PostgreSQL in production (although I
have tested with PostgreSQL and found no problems).
I have not experienced random failures (...so far...)
I always apply the patch from comment #22 in bug 39985
http://issues.apache.org/bugzilla/show_bug.cgi?id=39985#c22
For sites where idle connections may time out, I also apply the patch
that I proposed in APR bug 42841
http://issues.apache.org/bugzilla/show_bug.cgi?id=42841
Be careful with this one. It hasn't been accepted by the APR folks, and
there's really no indication that it ever will be.
re: documenting the Apache password stuff in the WIKI.
Sure, I will get this done in a day or two.
-tom-