From owner-freebsd-questions Thu Aug 8 21:41:46 2002 Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 3E1A237B400 for ; Thu, 8 Aug 2002 21:41:41 -0700 (PDT) Received: from boris.st.hmc.edu (boris.ST.HMC.Edu [134.173.63.11]) by mx1.FreeBSD.org (Postfix) with ESMTP id A332043E6A for ; Thu, 8 Aug 2002 21:41:40 -0700 (PDT) (envelope-from jeff@unixconsults.com) Received: from boris.st.hmc.edu (localhost [127.0.0.1]) by boris.st.hmc.edu (8.12.3/8.12.3) with ESMTP id g794feue001389; Thu, 8 Aug 2002 21:41:40 -0700 (PDT) Received: from localhost (jeff@localhost) by boris.st.hmc.edu (8.12.3/8.12.3/Submit) with ESMTP id g794fdNx001386; Thu, 8 Aug 2002 21:41:39 -0700 (PDT) (envelope-from jeff@unixconsults.com) X-Authentication-Warning: boris.st.hmc.edu: jeff owned process doing -bs Date: Thu, 8 Aug 2002 21:41:39 -0700 (PDT) From: Jeff Jirsa X-X-Sender: jeff@boris.st.hmc.edu To: Brian McCann Cc: freebsd-questions@FreeBSD.ORG Subject: RE: htpasswd / Apache In-Reply-To: <000601c23f59$4bbd94b0$2e00a8c0@dogbert> Message-ID: <20020808212823.X1332-100000@boris.st.hmc.edu> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII X-Virus-Scanned: by amavisd-milter on boris.st.hmc.edu Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG On Fri, 9 Aug 2002, Brian McCann wrote: > Ok...I'll give it a shot. When I use the crypt statement in PHP though, > what do I use as the salt in order to generate a PW that will work? The > username? > In php, there are two crypt functions: crypt(string) will return a string hashed with a randomly chosen salt. crypt(string,salt) will return a string hashed with the specified salt. If you're just generating password, simply calling crypt(password) will give you a valid hash. If you ever need to check a crypt'ed password (which you probably won't need to do, mod_auth_mysql will do it for you) , the first two characters of the hash are the salt: if (crypt($input,$password) == $password) { # password is valid } If it still isn't working, test it by writing a simple script to make sure crypt() is using DES crypt rather than MD5 or blowfish (md5 will begin with $1$, blowfish will begin with $2$, crypt will have neither). The reason for the test is simple: on unix systems, php occasionally tries to use md5 rather than des crypt, based on the lenght of the salt. If the default crypt() function is returning a hash beginning with $1$, you'll have to call crypt with a random _2_ character salt to force it into des crypt mode. -- Jeff > > -----Original Message----- > From: owner-freebsd-questions@FreeBSD.ORG > [mailto:owner-freebsd-questions@FreeBSD.ORG] On Behalf Of Jeff Jirsa > Sent: Thursday, August 08, 2002 11:53 PM > To: Brian McCann > Cc: freebsd-questions@FreeBSD.ORG > Subject: RE: htpasswd / Apache > > > On Thu, 8 Aug 2002, Brian McCann wrote: > > > I've tried it...but I could NEVER get it to work right with encrypted > > passwords. This was actually what I tried first...but since I could > > only get it to work with clear text passwords, I gave up on it. My > > problem was no matter where I grabbed the PW from to put into the db > > (using htpasswd or crypt), I could never authenticate right. Do you > > have any example code or a site I could look at to help me out for how > > > to add people into the DB using encrypted PWs? Preferably MD5. > > > > > This link has always worked well for me ... > > http://www.cgi101.com/class/password/mod_auth_mysql.html > > The directive to notice is : Auth_MySQL_Encryption_Types Crypt_DES > Everything else should be pretty much self explainatory ... MD5 doesn't > seem to be an option. > > Adding them is trivial ... but just in case ... once connected to the > db, issue a command similar to: > > INSERT INTO http_auth (username,passwd,groups) > VALUES("username","cryptedpass","default"); > > > - Jeff > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-questions" in the body of the message > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-questions" in the body of the message > -- Jeff Jirsa jeff@unixconsults.com -- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message