Skip site navigation (1)Skip section navigation (2) 
Date:      Thu, 06 Jun 1996 16:15:41 -0500
From:      Alex Nash <alex@fa.tdktca.com>
To:        Carlos Amengual <amengual@sadeya.cesca.es>
Cc:        freebsd-questions@freebsd.org, mitayai@dreaming.org
Subject:   Re: DES vs MD5
Message-ID:  <31B74A7D.6D10540B@fa.tdktca.com>
References:  <Pine.BSF.3.91.960606004824.21478A-100000@dreamlabs.dreaming.org> <31B7140C.3014@sadeya.cesca.es> <31B70A3A.587DDF88@fa.tdktca.com> <31B75ECB.1007@sadeya.cesca.es>
next in thread | previous in thread | raw e-mail | index | archive | help 
Carlos Amengual wrote:
> > I'd also check your HTTP log files (particularly the error log), it may not
> > be looking in the right place for the password file (possible configuration
> > error in access.conf).
> 
> >From my error_log file:
> ---------------------------------------------------------------
> [Thu Jun  6 22:24:49 1996] access to /privado/ failed for blanco.sadeya.cesca.es
> , reason: user amengual: password mismatch
> [Thu Jun  6 22:25:00 1996] access to /privado/ failed for blanco.sadeya.cesca.es
> , reason: user amengual: password mismatch
> ---------------------------------------------------------------
> 
> The same is the case for other usernames. I even tried to copy the master.passwd
> file and use it as the WWW password file, but it also failed.
> 
> Knowing that you use Apache 1.05 with MD5 I will investigate this further, but
> any suggestion would be useful.

It's time to use the source, Luke.  Can you apply the following patch to
mod_auth and see what happens?  This will tell you what Apache is comparing.

Alex

*** /root/sources/apache_1.0.5/src/mod_auth.c   Sat Feb 17 02:32:08 1996
--- mod_auth.c  Thu Jun  6 16:09:58 1996
***************
*** 178,184 ****
      }
      /* anyone know where the prototype for crypt is? */
      if(strcmp(real_pw,(char *)crypt(sent_pw,real_pw))) {
!         sprintf(errstr,"user %s: password mismatch",c->user);
        log_reason (errstr, r->uri, r);
        note_basic_auth_failure (r);
        return AUTH_REQUIRED;
--- 178,185 ----
      }
      /* anyone know where the prototype for crypt is? */
      if(strcmp(real_pw,(char *)crypt(sent_pw,real_pw))) {
!         sprintf(errstr,"user %s: password mismatch (real = %s, sent = %s)",
!                               c->user, real_pw, (char *)crypt(send_pt,real_pw));
        log_reason (errstr, r->uri, r);
        note_basic_auth_failure (r);
        return AUTH_REQUIRED;

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?31B74A7D.6D10540B>