You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@httpd.apache.org by Mayl Support <su...@mayl.net> on 2003/01/05 07:02:56 UTC

[users@httpd] ------------ ** Basic Auth Encription On WinXP

How's it going folks.

Wondering if anyone could help me on this:

I'm running Apache on WinXP. Everything works great...except...

I use the htpasswd.exe file to create users and passwords just fine.
It seems to default to MD5-  I want to use the -d switch (which is just Encrypt) mode.
It's stuck on MD5 however I can use the other modes just fine.

I'm using paypals user name and password subscriptions. It provides the user name and passwords automaticly. It sends it to my files just fine....the problem is apache doesn't seem to understand the encryption that paypal is using.

example:

If I make a user name and password, it looks like this:
    joeblow:$ddj323342f.....H8di&$o2390ui%#psf9083ioJF


When paypal encrypts it, it looks like this:
    joeblow:Jf8kjdj92JJfj^%8f


So naturally, when apache goes and trys to decrypt it at login time, the password doesn't match.

Here's my .htaccess code:
AuthName "foo bar Membership Access"
AuthType Basic
AuthUserFile e:/passwordfile
AuthGroupFile e:/websites/4900pass/null

require valid-user

any suggestions?
RG

Re: [users@httpd] ------------ ** Basic Auth Encription On WinXP

Posted by "J. Greenlees" <ja...@shaw.ca>.

did you keep the "key" paypal sent you for decrypting their messages?
and you are aware that crypt cannot un encode a password?
you have to actually put paypal's encrypted password into your auth file 
  and encrypt your basic auth with the ++++exact same hash++++ or you 
will never get the exact same string to compare and match.

Mayl Support wrote:
> How's it going folks.
>  
> Wondering if anyone could help me on this:
>  
> I'm running Apache on WinXP. Everything works great...except...
>  
> I use the htpasswd.exe file to create users and passwords just fine.
> It seems to default to MD5-  I want to use the -d switch (which is just 
> Encrypt) mode.
> It's stuck on MD5 however I can use the other modes just fine.
>  
> I'm using paypals user name and password subscriptions. It provides the 
> user name and passwords automaticly. It sends it to my files just 
> fine....the problem is apache doesn't seem to understand the encryption 
> that paypal is using.
>  
> example:
>  
> If I make a user name and password, it looks like this:
>     joeblow:$ddj323342f.....H8di&$o2390ui%#psf9083ioJF
>  
>  
> When paypal encrypts it, it looks like this:
>     joeblow:Jf8kjdj92JJfj^%8f
>  
>  
> So naturally, when apache goes and trys to decrypt it at login time, the 
> password doesn't match.
>  
> Here's my .htaccess code:
> AuthName "foo bar Membership Access"
> AuthType Basic
> AuthUserFile e:/passwordfile
> AuthGroupFile e:/websites/4900pass/null
>  
> require valid-user
>  
> any suggestions?
> RG



---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] ------------ ** Basic Auth Encription On WinXP

Posted by Rich Bowen <rb...@rcbowen.com>.

On Sat, 4 Jan 2003, Mayl Support wrote:

> If I make a user name and password, it looks like this:
>     joeblow:$ddj323342f.....H8di&$o2390ui%#psf9083ioJF
>
>
> When paypal encrypts it, it looks like this:
>     joeblow:Jf8kjdj92JJfj^%8f

Well, I don't know what paypal has to do with anything, but the
difference between these two is that the first is an MD5 encrypted
string, and the second is crypt. Or at least, so it appears at first
glance.

htpasswd takes an additional argument to let you specify the encryption
type used. On Unix, the default is crypt, and on Windows the default is
MD5

Specifying a -d flag will make it use crypt. Specifying a -m flag will
make it use MD5. Specifying -s will make it use SHA. And -p will make it
store the password plaintext.

For more details, type: htpasswd -h

Or see the htpasswd documentation, at
http://httpd.apache.org/docs/programs/htpasswd.html

Hope this helps

--
Rich Bowen - rbowen@apache.org
Apache Documentation Project
http://httpd.apache.org/docs-project/

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org