You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by paredes <pa...@aecom.yu.edu> on 2008/01/06 03:25:21 UTC
[users@httpd] DBDmysql connecting but not authenticating
Greetings!
I've been running OS-X 10.3.9, with apache2.2.3 [ldap w/failover to
mod_authn_dbd], mysql5.0.3x & php5.1 all built from source. I've just
upgraded our test server to OSX 10.5, apache2.2.6 & mysql5.0.51. The
problem is that while the DBDDriver connects it refuses to authenticate
valid users. The apache logs which are set to debug return:
"user jones: authentication failure for "/ProtectedArea": Password Mismatch"
When I deliberately provide an unknown user the logs return: "user mary
not found: /ProtectedArea"
Building apache2.2.6 & mysql5.0.51 from source produced no errors. I
copied apr-dbd_mysql.c from apr-util-1.2.12 into apache2.2.6's source. I
then tried to build apache 2.2.6 using the instructions I successfully
used above [customized from "A NetHack-esque Journey"] but that produced
many make & configure errors. I also then tried to use the snapshot
versions of both apr & apr-util to no avail. I've even tried using
different password formats such as encrypt, md5 & sha1 but all I get is
the password mismatch error. Also, when I deliberately provide a bad
password to DBDParams apache refuses to boot with a mysql can't connect
error.
Can anyone provide a hint on how to troubleshoot this problem?
Best regards,
Bill Paredes
Computer Based Education
Albert Einstein College of Medicine
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] DBDmysql connecting but not authenticating
Posted by Tom Donovan <do...@bellatlantic.net>.
paredes wrote:
> Hi Tom!
>
> I discovered that when I entered users & passwords with the mysql command
> line using password(), encrypt(), sha1() or old_password, only encrypt()
> was readable by apache authentication. Then I entered users and
> passwords using apache's htpasswd to generate md5 sha1 crypt and apache
> was able to authenticate those.
>
> So much to my surprise, mysql's sha1 and md5 produces an encryption not
> readable by apache. I was under the assumption that all sha1 and md5
> encryptions were the same across all applications!
>
re: "... encryptions were all the same..."
Unfortunately, no. The binary calculation is the same, but the encoding of the result differs
considerably.
There are some notes about password encryption in the Apache docs here:
http://httpd.apache.org/docs/2.2/misc/password_encryptions.html
-tom-
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] DBDmysql connecting but not authenticating
Posted by paredes <pa...@aecom.yu.edu>.
Hi Tom!
Thanks for the pointers. After much systematic experimenting I
discovered that when I entered users & passwords with the mysql command
line using password(), encrypt(), sha1() or old_password, only encrypt()
was readable by apache authentication. Then I entered users and
passwords using apache's htpasswd to generate md5 sha1 crypt and apache
was able to authenticate those.
So much to my surprise, mysql's sha1 and md5 produces an encryption not
readable by apache. I was under the assumption that all sha1 and md5
encryptions were the same across all applications!
This is an example of a mysql produced sha1:
*A34CDEEEE1232ACBCBCDD4D4D3D2D12341ACACE3
This is an example of an htpasswd produced sha1:
{SHA1}6u5F+11u1xNIBuFBh+X+sydW+4=
Regards,
-Bill
Tom Donovan wrote:
> paredes wrote:
>> Greetings!
>> I've been running OS-X 10.3.9, with apache2.2.3 [ldap w/failover to
>> mod_authn_dbd], mysql5.0.3x & php5.1 all built from source. I've just
>> upgraded our test server to OSX 10.5, apache2.2.6 & mysql5.0.51. The
>> problem is that while the DBDDriver connects it refuses to authenticate
>> valid users. The apache logs which are set to debug return:
>> "user jones: authentication failure for "/ProtectedArea": Password
>> Mismatch"
>> When I deliberately provide an unknown user the logs return: "user mary
>> not found: /ProtectedArea"
>>
> It sounds like you are getting *something* returned by your
> authentication query, just not the exact password hash.
>
> Possibly the problem is trailing spaces. The behavior of MySQL CHAR
> and VARCHAR fields for trailing spaces has changed over time per
> http://dev.mysql.com/doc/refman/5.0/en/char.html
>
> Try a SQL statement like: "SELECT TRIM(password_field) FROM
> user_table WHERE user_field = %s"
> instead of: "SELECT password_field FROM user_table WHERE user_field =
> %s"
>
> Additional clues might be found by enabling MySQL logging per:
> http://dev.mysql.com/doc/refman/5.0/en/query-log.html
> and checking what your SQL statement actually looks like to MySQL.
>
> -tom-
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server
> Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> " from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] DBDmysql connecting but not authenticating
Posted by Tom Donovan <do...@bellatlantic.net>.
paredes wrote:
> Greetings!
> I've been running OS-X 10.3.9, with apache2.2.3 [ldap w/failover to
> mod_authn_dbd], mysql5.0.3x & php5.1 all built from source. I've just
> upgraded our test server to OSX 10.5, apache2.2.6 & mysql5.0.51. The
> problem is that while the DBDDriver connects it refuses to authenticate
> valid users. The apache logs which are set to debug return:
> "user jones: authentication failure for "/ProtectedArea": Password Mismatch"
> When I deliberately provide an unknown user the logs return: "user mary
> not found: /ProtectedArea"
>
It sounds like you are getting *something* returned by your authentication query, just not the exact
password hash.
Possibly the problem is trailing spaces. The behavior of MySQL CHAR and VARCHAR fields for trailing
spaces has changed over time per http://dev.mysql.com/doc/refman/5.0/en/char.html
Try a SQL statement like: "SELECT TRIM(password_field) FROM user_table WHERE user_field = %s"
instead of: "SELECT password_field FROM user_table WHERE user_field = %s"
Additional clues might be found by enabling MySQL logging per:
http://dev.mysql.com/doc/refman/5.0/en/query-log.html
and checking what your SQL statement actually looks like to MySQL.
-tom-
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org