Igor Sysoev <is@...> writes:
On Wed, 6 Dec 2006, T Gillett wrote:
Igor Sysoev <is <at> ...> writes:
It seems I found the bug. If the "test:cgsk91HyOZHGE" is the single
line in th efile and has no the carridge return or the line feed
characters (if you edit file in the joe editor), then nginx does
not understand the hash.
This doesn't appear to be the problem in this case.
The htpassword file actually has two lines as follows:
admin:cgwvsHpJSf6XU
test:cgsk91HyOZHGE
followed by two empty lines (carriage returns).
I copied the admin line from etc/passwd and checked the password encryption
with the perl script.
Authorisation fails for both admin and test logins.
May crypt() using another salt ?
What does
perl -le 'print crypt("test", "cgsk91HyOZHGE")'
show ?
Igor
I set up another id/password with a different salt as follows:
admin:cgwvsHpJSf6XU
test:cgsk91HyOZHGE
test1:abgOeLfPimXQo
Same result. Here are the access log entries:
192.168.1.25 - - [07/Dec/2006:06:49:23 +1000] GET /hello.php HTTP/1.1
Status"401" Bytes195 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US;
rv:1.8.0.8) Gecko/20061025 Firefox/1.5.0.8" "-"
192.168.1.25 - test1 [07/Dec/2006:06:49:35 +1000] GET /hello.php HTTP/1.1
Status"401" Bytes195 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US;
rv:1.8.0.8) Gecko/20061025 Firefox/1.5.0.8" "-"
I ran the perl script as follows:
# perl -le 'print crypt("test", "cgsk91HyOZHGE")'
cgsk91HyOZHGE
The result is the same if I use if I use an unknown id or an incorrect password.
Thanks
Terry
9 messages in ru.sysoev.nginxRe: Setting up HTTP Basic Authorisation
