From owner-freebsd-isp Sun Nov 28 22:19:57 1999 Delivered-To: freebsd-isp@freebsd.org Received: from misery.sdf.com (misery.sdf.com [204.244.213.49]) by hub.freebsd.org (Postfix) with ESMTP id EB396153DD for ; Sun, 28 Nov 1999 22:19:53 -0800 (PST) (envelope-from tom@sdf.com) Received: from tom (helo=localhost) by misery.sdf.com with local-esmtp (Exim 2.12 #1) id 11sIeE-0000xq-00; Sun, 28 Nov 1999 20:42:46 -0800 Date: Sun, 28 Nov 1999 20:42:45 -0800 (PST) From: Tom To: "J.C. Frazier" Cc: freebsd-isp@freebsd.org Subject: Re: apache13-fp-modssl problem with passwords In-Reply-To: <384218E4.12795CCC@csocs.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Sun, 28 Nov 1999, J.C. Frazier wrote: > Tom wrote: > > > On Sun, 28 Nov 1999, J.C. Frazier wrote: > > ... > > > Anytime a user tries to publish a page from the client, or perform > > > anyother operation as an author/administrator, there is a password > > > mismatch. I have checked the passwords and they are correct. md5 and > > > des are installed on the box, md5 being the default. I believe that > > ... > > > "FreeBSD 'should' support both once you have the secure package > > ... > > > Taken from /var/log/httpd-error.log: > > > [Sat Nov 27 20:28:01 1999] [error] user fpadmin: authentication failure > > > for "/_vti_bin/_vti_aut/author.exe": password mismatch > > > > Do a "file" on author.exe. If it is statically linked, it was probably > > linked against someother crypt(). > > > > FreeBSD's libcrypt has a crypt() function that can understand both DES > > and MD5. Howerver, it encrypts using the mentod specified by the symlink. > > > > Tom > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > > with "unsubscribe freebsd-isp" in the body of the message > > bash-2.03# file author.exe > author.exe: BSD/OS i386 compact demand paged executable Statically link (since it doesn't say dynamic, it has to be static), and it is a BSD/OS executable, and I doubt that the crypt() function on BSD/OS knows anything about MD5 passwords. > I also checked the service.pwd files and it is encrypting it in DES: > bash-2.03# john /usr2/www/user/_vti_pvt/service.pwd > Loaded 1 password (Standard DES [24/32 4K]) > correctpassword (user) <--- (real pass and username left out of > this e-mail) > > Just not sure about the process of decryption on frontpage or how the > passwords are matched... Try a DES password in master.passwd. If frontpage works with that, then you must either use DES passwords for everyone who wants to use frontpage, or get RTR Software to make a FreeBSD build of the frontpage executables. > J.C. Frazier Tom To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message