Difference between revisions of "Apache Authentication"
Jump to navigation
Jump to search
PeterHarding (talk | contribs) |
PeterHarding (talk | contribs) |
||
| (One intermediate revision by the same user not shown) | |||
| Line 3: | Line 3: | ||
* http://modauthmysql.sourceforge.net/ | * http://modauthmysql.sourceforge.net/ | ||
* http://www.yolinux.com/TUTORIALS/LinuxTutorialApacheAddingLoginSiteProtection.html | * http://www.yolinux.com/TUTORIALS/LinuxTutorialApacheAddingLoginSiteProtection.html | ||
* http://www.howtoforge.com/mod_auth_mysql_apache2_debian | |||
=Setting Passwords= | |||
From - http://httpd.apache.org/docs/2.2/misc/password_encryptions.html | |||
<pre> | |||
Basic Authentication | |||
There are four formats that Apache recognizes for basic-authentication passwords. Note that not all formats work on every platform: | |||
PLAIN TEXT (i.e. unencrypted) | |||
Windows, BEOS, & Netware only. | |||
CRYPT | |||
Unix only. Uses the traditional Unix crypt(3) function with a randomly-generated 32-bit salt (only 12 bits used) and the first 8 characters of the password. | |||
SHA1 | |||
"{SHA}" + Base64-encoded SHA-1 digest of the password. | |||
MD5 | |||
"$apr1$" + the result of an Apache-specific algorithm using an iterated (1,000 times) MD5 digest of various combinations of a random 32-bit salt and the password. See the APR source file apr_md5.c for the details of the algorithm. | |||
Generating values with htpasswd | |||
MD5 | |||
$ htpasswd -nbm myName myPassword | |||
myName:$apr1$r31.....$HqJZimcKQFAMYayBlzkrA/ | |||
SHA1 | |||
$ htpasswd -nbs myName myPassword | |||
myName:{SHA}VBPuJHI7uixaa6LQGWx4s+5GKNE= | |||
CRYPT | |||
$ htpasswd -nbd myName myPassword | |||
myName:rqXexS6ZhobKA | |||
Generating CRYPT and MD5 values with the OpenSSL command-line program | |||
OpenSSL knows the Apache-specific MD5 algorithm. | |||
MD5 | |||
$ openssl passwd -apr1 myPassword | |||
$apr1$qHDFfhPC$nITSVHgYbDAK1Y0acGRnY0 | |||
CRYPT | |||
openssl passwd -crypt myPassword | |||
qQ5vTYO3c8dsU | |||
Validating CRYPT or MD5 passwords with the OpenSSL command line program | |||
The salt for a CRYPT password is the first two characters (converted to a binary value). To validate myPassword against rqXexS6ZhobKA | |||
CRYPT | |||
$ openssl passwd -crypt -salt rq myPassword | |||
Warning: truncating password to 8 characters | |||
rqXexS6ZhobKA | |||
Note that using myPasswo instead of myPassword will produce the same result because only the first 8 characters of CRYPT passwords are considered. | |||
The salt for an MD5 password is between $apr1$ and the following $ (as a Base64-encoded binary value - max 8 chars). To validate myPassword against $apr1$r31.....$HqJZimcKQFAMYayBlzkrA/ | |||
MD5 | |||
$ openssl passwd -apr1 -salt r31..... myPassword | |||
$apr1$r31.....$HqJZimcKQFAMYayBlzkrA/ | |||
</pre> | |||
[[Category:Internet]] | [[Category:Internet]] | ||
[[Category:TODO]] | [[Category:TODO]] | ||
Latest revision as of 17:17, 31 March 2014
Some References
- http://modauthmysql.sourceforge.net/
- http://www.yolinux.com/TUTORIALS/LinuxTutorialApacheAddingLoginSiteProtection.html
- http://www.howtoforge.com/mod_auth_mysql_apache2_debian
Setting Passwords
From - http://httpd.apache.org/docs/2.2/misc/password_encryptions.html
Basic Authentication
There are four formats that Apache recognizes for basic-authentication passwords. Note that not all formats work on every platform:
PLAIN TEXT (i.e. unencrypted)
Windows, BEOS, & Netware only.
CRYPT
Unix only. Uses the traditional Unix crypt(3) function with a randomly-generated 32-bit salt (only 12 bits used) and the first 8 characters of the password.
SHA1
"{SHA}" + Base64-encoded SHA-1 digest of the password.
MD5
"$apr1$" + the result of an Apache-specific algorithm using an iterated (1,000 times) MD5 digest of various combinations of a random 32-bit salt and the password. See the APR source file apr_md5.c for the details of the algorithm.
Generating values with htpasswd
MD5
$ htpasswd -nbm myName myPassword
myName:$apr1$r31.....$HqJZimcKQFAMYayBlzkrA/
SHA1
$ htpasswd -nbs myName myPassword
myName:{SHA}VBPuJHI7uixaa6LQGWx4s+5GKNE=
CRYPT
$ htpasswd -nbd myName myPassword
myName:rqXexS6ZhobKA
Generating CRYPT and MD5 values with the OpenSSL command-line program
OpenSSL knows the Apache-specific MD5 algorithm.
MD5
$ openssl passwd -apr1 myPassword
$apr1$qHDFfhPC$nITSVHgYbDAK1Y0acGRnY0
CRYPT
openssl passwd -crypt myPassword
qQ5vTYO3c8dsU
Validating CRYPT or MD5 passwords with the OpenSSL command line program
The salt for a CRYPT password is the first two characters (converted to a binary value). To validate myPassword against rqXexS6ZhobKA
CRYPT
$ openssl passwd -crypt -salt rq myPassword
Warning: truncating password to 8 characters
rqXexS6ZhobKA
Note that using myPasswo instead of myPassword will produce the same result because only the first 8 characters of CRYPT passwords are considered.
The salt for an MD5 password is between $apr1$ and the following $ (as a Base64-encoded binary value - max 8 chars). To validate myPassword against $apr1$r31.....$HqJZimcKQFAMYayBlzkrA/
MD5
$ openssl passwd -apr1 -salt r31..... myPassword
$apr1$r31.....$HqJZimcKQFAMYayBlzkrA/