You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by jf...@juno.com on 2002/07/14 19:06:01 UTC
Security
Hi
I'm using Windows 2000
with apache 1.3.2.3
I wrote a script to write login info to a .htpasswd file
a .htaccess is in the same dir with this setup
AuthName "members"
AuthType Basic
AuthUserFile c:\apache\htdocs\members\.htpasswd
require valid-user
Satisfy All
Everything works except that apache does not seem to recognize the
.htpasswd file
I receive a challenge from the server for username and password but when
entered it will not recognize it.
Please help
Thanks
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: Security
Posted by Mark Mentovai <ma...@mentovai.com>.
jffusion@juno.com wrote:
> I'm using Windows 2000
> with apache 1.3.2.3
Is that 1.3.23? You should consider an upgrade.
What hashing algorithm are you using? Apache on Windows doesn't do
crypt; the hash of a password with no explicit algorithm is defined to
be the plaintext of the password itself. (This is probably not what
you want to do.)
> I wrote a script to write login info to a .htpasswd file
> a .htaccess is in the same dir with this setup
What's your script doing? What happens if you create .htpasswd with
the htpasswd utility? On Windows, htpasswd uses MD5 by default or if
crypt is requested.
> Everything works except that apache does not seem to recognize the
> .htpasswd file
> I receive a challenge from the server for username and password but
> when
> entered it will not recognize it.
Your options are to use MD5 or SHA-1 hashes in password file, or to use
plaintext passwords (fine for testing but not recommended for
production use). htpasswd can hash to both MD5 and SHA-1.
If your hashes are correct and you're still having trouble, check your
error log(s) for related messages.
Mark
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org