From owner-freebsd-isp Sun Nov 28 22:18: 3 1999 Delivered-To: freebsd-isp@freebsd.org Received: from blackbird.lonetree.com (blackbird.lonetree.com [207.141.55.3]) by hub.freebsd.org (Postfix) with ESMTP id 560591525A for ; Sun, 28 Nov 1999 22:18:00 -0800 (PST) (envelope-from wolfman@csocs.com) Received: from csocs.com [209.64.46.23] by blackbird.lonetree.com with ESMTP (SMTPD32-5.01) id AA79B2DA0124; Sun, 28 Nov 1999 23:17:29 mdt Message-ID: <38421B77.C8C9314E@csocs.com> Date: Sun, 28 Nov 1999 23:21:43 -0700 From: "J.C. Frazier" X-Mailer: Mozilla 4.7 [en] (X11; I; FreeBSD 3.3-STABLE i386) X-Accept-Language: en MIME-Version: 1.0 To: freebsd-isp@freebsd.org Subject: Re: apache13-fp-modssl problem with passwords References: <384218E4.12795CCC@csocs.com> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org > Tom wrote: > > > On Sun, 28 Nov 1999, J.C. Frazier wrote: > > ... > > > Anytime a user tries to publish a page from the client, or perform > > > anyother operation as an author/administrator, there is a password > > > mismatch. I have checked the passwords and they are correct. md5 and > > > des are installed on the box, md5 being the default. I believe that > > ... > > > "FreeBSD 'should' support both once you have the secure package > > ... > > > Taken from /var/log/httpd-error.log: > > > [Sat Nov 27 20:28:01 1999] [error] user fpadmin: authentication failure > > > for "/_vti_bin/_vti_aut/author.exe": password mismatch > > > > Do a "file" on author.exe. If it is statically linked, it was probably > > linked against someother crypt(). > > > > FreeBSD's libcrypt has a crypt() function that can understand both DES > > and MD5. Howerver, it encrypts using the mentod specified by the symlink. > > > > Tom > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > > with "unsubscribe freebsd-isp" in the body of the message bash-2.03# file author.exe author.exe: BSD/OS i386 compact demand paged executable I also checked the service.pwd files and it is at least encrypting it in DES: bash-2.03# john /usr2/www/user/_vti_pvt/service.pwd Loaded 1 password (Standard DES [24/32 4K]) correctpassword (user) <--- (real pass and username left out of this e-mail) Just not sure about the process of decryption on frontpage or how the passwords are matched... MS has a way about not providing src code for binaries when you need it. J.C. Frazier To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message