From owner-freebsd-questions Thu Jun 6 14:10:55 1996 Return-Path: owner-questions Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id OAA07350 for questions-outgoing; Thu, 6 Jun 1996 14:10:55 -0700 (PDT) Received: from shogun.tdktca.com ([206.26.1.21]) by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id OAA07303 for ; Thu, 6 Jun 1996 14:10:04 -0700 (PDT) Received: from shogun.tdktca.com (daemon@localhost) by shogun.tdktca.com (8.7.2/8.7.2) with ESMTP id QAA04634 for ; Thu, 6 Jun 1996 16:11:23 -0500 (CDT) Received: from orion.fa.tdktca.com ([163.49.131.130]) by shogun.tdktca.com (8.7.2/8.7.2) with SMTP id QAA04625 for ; Thu, 6 Jun 1996 16:11:22 -0500 (CDT) Received: from orion (alex@localhost [127.0.0.1]) by orion.fa.tdktca.com (8.6.12/8.6.9) with SMTP id QAA17494; Thu, 6 Jun 1996 16:15:42 -0500 Message-ID: <31B74A7D.6D10540B@fa.tdktca.com> Date: Thu, 06 Jun 1996 16:15:41 -0500 From: Alex Nash Organization: TDK Factory Automation X-Mailer: Mozilla 2.0 (X11; I; Linux 1.2.13 i586) MIME-Version: 1.0 To: Carlos Amengual CC: freebsd-questions@freebsd.org, mitayai@dreaming.org Subject: Re: DES vs MD5 References: <31B7140C.3014@sadeya.cesca.es> <31B70A3A.587DDF88@fa.tdktca.com> <31B75ECB.1007@sadeya.cesca.es> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-questions@freebsd.org X-Loop: FreeBSD.org Precedence: bulk Carlos Amengual wrote: > > I'd also check your HTTP log files (particularly the error log), it may not > > be looking in the right place for the password file (possible configuration > > error in access.conf). > > >From my error_log file: > --------------------------------------------------------------- > [Thu Jun 6 22:24:49 1996] access to /privado/ failed for blanco.sadeya.cesca.es > , reason: user amengual: password mismatch > [Thu Jun 6 22:25:00 1996] access to /privado/ failed for blanco.sadeya.cesca.es > , reason: user amengual: password mismatch > --------------------------------------------------------------- > > The same is the case for other usernames. I even tried to copy the master.passwd > file and use it as the WWW password file, but it also failed. > > Knowing that you use Apache 1.05 with MD5 I will investigate this further, but > any suggestion would be useful. It's time to use the source, Luke. Can you apply the following patch to mod_auth and see what happens? This will tell you what Apache is comparing. Alex *** /root/sources/apache_1.0.5/src/mod_auth.c Sat Feb 17 02:32:08 1996 --- mod_auth.c Thu Jun 6 16:09:58 1996 *************** *** 178,184 **** } /* anyone know where the prototype for crypt is? */ if(strcmp(real_pw,(char *)crypt(sent_pw,real_pw))) { ! sprintf(errstr,"user %s: password mismatch",c->user); log_reason (errstr, r->uri, r); note_basic_auth_failure (r); return AUTH_REQUIRED; --- 178,185 ---- } /* anyone know where the prototype for crypt is? */ if(strcmp(real_pw,(char *)crypt(sent_pw,real_pw))) { ! sprintf(errstr,"user %s: password mismatch (real = %s, sent = %s)", ! c->user, real_pw, (char *)crypt(send_pt,real_pw)); log_reason (errstr, r->uri, r); note_basic_auth_failure (r); return AUTH_REQUIRED;