Date: Thu, 8 Aug 2002 21:41:39 -0700 (PDT)
From: Jeff Jirsa <jeff@unixconsults.com>
To: Brian McCann <bjm1287@ritvax.rit.edu>
Cc: freebsd-questions@FreeBSD.ORG
Subject: RE: htpasswd / Apache
Message-ID: <20020808212823.X1332-100000@boris.st.hmc.edu>
In-Reply-To: <000601c23f59$4bbd94b0$2e00a8c0@dogbert>

On Fri, 9 Aug 2002, Brian McCann wrote:

> Ok...I'll give it a shot. When I use the crypt statement in PHP though,
> what do I use as the salt in order to generate a PW that will work? The
> username?
>

In php, there are two crypt functions:

crypt(string) will return a string hashed with a randomly chosen salt.
crypt(string,salt) will return a string hashed with the specified salt.

If you're just generating a password, simply calling crypt(password) will
give you a valid hash. If you ever need to check a crypt'ed password (which
you probably won't need to do, mod_auth_mysql will do it for you), the
first two characters of the hash are the salt:

    if (crypt($input,$password) == $password) {
        # password is valid
    }

If it still isn't working, test it by writing a simple script to make sure
crypt() is using DES crypt rather than MD5 or blowfish (md5 will begin with
$1$, blowfish will begin with $2$, crypt will have neither).

The reason for the test is simple: on unix systems, php occasionally tries
to use md5 rather than des crypt, based on the length of the salt. If the
default crypt() function is returning a hash beginning with $1$, you'll
have to call crypt with a random _2_ character salt to force it into des
crypt mode.

-- Jeff

>
> -----Original Message-----
> From: owner-freebsd-questions@FreeBSD.ORG
> [mailto:owner-freebsd-questions@FreeBSD.ORG] On Behalf Of Jeff Jirsa
> Sent: Thursday, August 08, 2002 11:53 PM
> To: Brian McCann
> Cc: freebsd-questions@FreeBSD.ORG
> Subject: RE: htpasswd / Apache
>
>
> On Thu, 8 Aug 2002, Brian McCann wrote:
>
> > I've tried it...but I could NEVER get it to work right with encrypted
> > passwords. This was actually what I tried first...but since I could
> > only get it to work with clear text passwords, I gave up on it. My
> > problem was no matter where I grabbed the PW from to put into the db
> > (using htpasswd or crypt), I could never authenticate right. Do you
> > have any example code or a site I could look at to help me out for how
> > to add people into the DB using encrypted PWs? Preferably MD5.
> >
>
> This link has always worked well for me ...
>
> http://www.cgi101.com/class/password/mod_auth_mysql.html
>
> The directive to notice is : Auth_MySQL_Encryption_Types Crypt_DES
> Everything else should be pretty much self explanatory ... MD5 doesn't
> seem to be an option.
>
> Adding them is trivial ... but just in case ... once connected to the
> db, issue a command similar to:
>
> INSERT INTO http_auth (username,passwd,groups)
> VALUES("username","cryptedpass","default");
>
>
> - Jeff
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message
>

--
Jeff Jirsa
jeff@unixconsults.com
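The test script suggested in the message above, written out as an added example that is not part of the original e-mail: it forces DES crypt with a random two-character salt, checks which scheme crypt() actually returned, and verifies a password against the stored hash. The helper names crypt_scheme(), des_crypt() and des_verify() are hypothetical, the sample password is constructed, and PHP 7 or later is assumed.

```php
<?php
// Added example, not code from the original message.
// crypt_scheme(), des_crypt() and des_verify() are hypothetical helper names.

// Identify the crypt() scheme from the shape of the returned hash.
function crypt_scheme(string $hash): string
{
    if (strncmp($hash, '$1$', 3) === 0) {
        return 'md5';                      // MD5 crypt
    }
    if (preg_match('/^\$2[a-z]?\$/', $hash) === 1) {
        return 'blowfish';                 // $2$, $2a$, $2y$, ...
    }
    if (preg_match('#^[./0-9A-Za-z]{13}$#', $hash) === 1) {
        return 'des';                      // 2 salt chars + 11 hash chars
    }
    return 'unknown';                      // includes crypt() failure strings
}

// Hash with a random two-character salt so crypt() selects DES crypt.
// The salt is always passed: PHP 8 no longer accepts crypt() without one.
function des_crypt(string $password): string
{
    $alphabet = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';
    $salt = $alphabet[random_int(0, 63)] . $alphabet[random_int(0, 63)];
    $hash = crypt($password, $salt);
    if (crypt_scheme($hash) !== 'des') {
        throw new RuntimeException('crypt() did not return a DES hash');
    }
    return $hash;
}

// Re-hash the input with the stored hash as salt (its first two characters
// are used) and compare in constant time.
function des_verify(string $input, string $stored): bool
{
    return crypt_scheme($stored) === 'des'
        && hash_equals($stored, crypt($input, $stored));
}

$hash = des_crypt('example-password');     // constructed sample password
printf("hash:   %s\n", $hash);
printf("scheme: %s\n", crypt_scheme($hash));
printf("right password verifies: %s\n", var_export(des_verify('example-password', $hash), true));
printf("wrong password verifies: %s\n", var_export(des_verify('wrong-password', $hash), true));
// DES crypt reads only the first 8 characters of the password.
printf("same first 8 chars verify: %s\n", var_export(des_verify('example-XXXXXXXX', $hash), true));
```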