| From | Sent On | Attachments |
|---|---|---|
| T Gillett | Dec 6, 2006 3:02 am | |
| Igor Sysoev | Dec 6, 2006 3:15 am | |
| T Gillett | Dec 6, 2006 4:11 am | |
| Igor Sysoev | Dec 6, 2006 4:23 am | |
| T Gillett | Dec 6, 2006 4:43 am | |
| Igor Sysoev | Dec 6, 2006 5:00 am | |
| T Gillett | Dec 6, 2006 5:15 am | |
| Igor Sysoev | Dec 6, 2006 5:40 am | |
| T Gillett | Dec 6, 2006 12:54 pm | |

| Subject: | Re: Setting up HTTP Basic Authorisation | |
|---|---|---|
| From: | T Gillett (tgil...@public.gmane.org) | |
| Date: | Dec 6, 2006 12:54:32 pm | |
| List: | ru.sysoev.nginx | |
Igor Sysoev <is@...> writes:
On Wed, 6 Dec 2006, T Gillett wrote:
Igor Sysoev <is <at> ...> writes:
It seems I found the bug. If the "test:cgsk91HyOZHGE" is the single line in the file and has no carriage return or line feed characters (if you edit the file in the joe editor), then nginx does not understand the hash.
This doesn't appear to be the problem in this case.
The htpassword file actually has two lines as follows:

admin:cgwvsHpJSf6XU
test:cgsk91HyOZHGE

followed by two empty lines (carriage returns). I copied the admin line from etc/passwd and checked the password encryption with the perl script. Authorisation fails for both admin and test logins.
May crypt() be using another salt?
What does perl -le 'print crypt("test", "cgsk91HyOZHGE")' show?

Igor Sysoev
http://sysoev.ru/en/

Igor,

I set up another id/password with a different salt as follows:

admin:cgwvsHpJSf6XU
test:cgsk91HyOZHGE
test1:abgOeLfPimXQo

Same result. Here are the access log entries:
192.168.1.25 - - [07/Dec/2006:06:49:23 +1000] GET /hello.php HTTP/1.1 Status"401" Bytes195 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.8) Gecko/20061025 Firefox/1.5.0.8" "-"
192.168.1.25 - test1 [07/Dec/2006:06:49:35 +1000] GET /hello.php HTTP/1.1 Status"401" Bytes195 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.8) Gecko/20061025 Firefox/1.5.0.8" "-"
I ran the perl script as follows:
# perl -le 'print crypt("test", "cgsk91HyOZHGE")'
cgsk91HyOZHGE

The result is the same if I use an unknown id or an incorrect password.
Thanks Terry
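
The two things checked by hand in this thread, how each line of the password file is terminated and which crypt() salt each entry uses, can be read directly from the file's bytes. The following is an added example, not code from the thread or from nginx; the function name `inspect_htpasswd` is hypothetical and the sample bytes are constructed from the entries quoted above, with the final newline deliberately omitted.

```python
import re

# Traditional DES crypt(3) output: 2 salt characters followed by 11 hash
# characters, all drawn from the alphabet ./0-9A-Za-z.
DES_CRYPT = re.compile(rb"[./0-9A-Za-z]{13}")

# Constructed sample: the three entries quoted in the thread, with the final
# line deliberately left without a terminating newline.
SAMPLE = b"admin:cgwvsHpJSf6XU\ntest:cgsk91HyOZHGE\ntest1:abgOeLfPimXQo"


def inspect_htpasswd(data: bytes) -> list[dict]:
    """Describe each non-blank line of a password file given as raw bytes."""
    entries = []
    for lineno, raw in enumerate(data.splitlines(keepends=True), start=1):
        body = raw.rstrip(b"\r\n")
        terminator = raw[len(body):]
        if not body:
            continue  # blank line, nothing to check
        user, sep, hashed = body.partition(b":")
        is_des = bool(sep) and DES_CRYPT.fullmatch(hashed) is not None
        notes = []
        if not sep:
            notes.append("no ':' separator")
        elif not is_des:
            notes.append("not a 13-character DES crypt hash")
        if body != body.strip():
            notes.append("leading or trailing whitespace")
        if terminator == b"":
            notes.append("no line terminator")
        elif b"\r" in terminator:
            notes.append("CR in line ending")
        entries.append({
            "line": lineno,
            "user": user.decode("latin-1"),
            "salt": hashed[:2].decode("latin-1") if is_des else None,
            "notes": notes,
        })
    return entries


if __name__ == "__main__":
    for entry in inspect_htpasswd(SAMPLE):
        print(entry)
```

On the sample, `admin` and `test` both report salt `cg`, `test1` reports `ab`, and only the last entry carries the "no line terminator" note.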





