Difference between revisions of "Apache Authentication"

From PeformIQ Upgrade
Jump to navigation Jump to search
 
(2 intermediate revisions by the same user not shown)
Line 1: Line 1:
=Some References=
=Some References=


* http://modauthmysql.sourceforge.net/
* http://modauthmysql.sourceforge.net/
* http://www.yolinux.com/TUTORIALS/LinuxTutorialApacheAddingLoginSiteProtection.html
* http://www.yolinux.com/TUTORIALS/LinuxTutorialApacheAddingLoginSiteProtection.html
* http://www.howtoforge.com/mod_auth_mysql_apache2_debian
 
=Setting Passwords=
 
From - http://httpd.apache.org/docs/2.2/misc/password_encryptions.html
 
<pre>
Basic Authentication
 
There are four formats that Apache recognizes for basic-authentication passwords. Note that not all formats work on every platform:
 
PLAIN TEXT (i.e. unencrypted)
Windows, BEOS, & Netware only.
 
CRYPT
 
Unix only. Uses the traditional Unix crypt(3) function with a randomly-generated 32-bit salt (only 12 bits used) and the first 8 characters of the password.
 
SHA1
 
"{SHA}" + Base64-encoded SHA-1 digest of the password.
 
MD5
 
"$apr1$" + the result of an Apache-specific algorithm using an iterated (1,000 times) MD5 digest of various combinations of a random 32-bit salt and the password. See the APR source file apr_md5.c for the details of the algorithm.
 
Generating values with htpasswd
 
MD5
 
  $ htpasswd -nbm myName myPassword
  myName:$apr1$r31.....$HqJZimcKQFAMYayBlzkrA/
 
SHA1
 
  $ htpasswd -nbs myName myPassword
  myName:{SHA}VBPuJHI7uixaa6LQGWx4s+5GKNE=
 
CRYPT
 
  $ htpasswd -nbd myName myPassword
  myName:rqXexS6ZhobKA
 
Generating CRYPT and MD5 values with the OpenSSL command-line program
OpenSSL knows the Apache-specific MD5 algorithm.
 
MD5
 
  $ openssl passwd -apr1 myPassword
  $apr1$qHDFfhPC$nITSVHgYbDAK1Y0acGRnY0
 
CRYPT
 
  openssl passwd -crypt myPassword
  qQ5vTYO3c8dsU
 
Validating CRYPT or MD5 passwords with the OpenSSL command line program
The salt for a CRYPT password is the first two characters (converted to a binary value). To validate myPassword against rqXexS6ZhobKA
 
CRYPT
 
  $ openssl passwd -crypt -salt rq myPassword
  Warning: truncating password to 8 characters
  rqXexS6ZhobKA
 
Note that using myPasswo instead of myPassword will produce the same result because only the first 8 characters of CRYPT passwords are considered.
 
The salt for an MD5 password is between $apr1$ and the following $ (as a Base64-encoded binary value - max 8 chars). To validate myPassword against $apr1$r31.....$HqJZimcKQFAMYayBlzkrA/
 
MD5
 
  $ openssl passwd -apr1 -salt r31..... myPassword
  $apr1$r31.....$HqJZimcKQFAMYayBlzkrA/
 
</pre>


[[Category:Internet]]
[[Category:Internet]]
[[Category:TODO]]
[[Category:TODO]]

Latest revision as of 18:17, 31 March 2014

Some References

Setting Passwords

From - http://httpd.apache.org/docs/2.2/misc/password_encryptions.html

Basic Authentication

There are four formats that Apache recognizes for basic-authentication passwords. Note that not all formats work on every platform:

PLAIN TEXT (i.e. unencrypted)
Windows, BEOS, & Netware only.

CRYPT

Unix only. Uses the traditional Unix crypt(3) function with a randomly-generated 32-bit salt (only 12 bits used) and the first 8 characters of the password.

SHA1

"{SHA}" + Base64-encoded SHA-1 digest of the password.

MD5

"$apr1$" + the result of an Apache-specific algorithm using an iterated (1,000 times) MD5 digest of various combinations of a random 32-bit salt and the password. See the APR source file apr_md5.c for the details of the algorithm.

Generating values with htpasswd

MD5

  $ htpasswd -nbm myName myPassword
  myName:$apr1$r31.....$HqJZimcKQFAMYayBlzkrA/

SHA1

  $ htpasswd -nbs myName myPassword
  myName:{SHA}VBPuJHI7uixaa6LQGWx4s+5GKNE=

CRYPT

  $ htpasswd -nbd myName myPassword
  myName:rqXexS6ZhobKA

Generating CRYPT and MD5 values with the OpenSSL command-line program
OpenSSL knows the Apache-specific MD5 algorithm.

MD5

  $ openssl passwd -apr1 myPassword
  $apr1$qHDFfhPC$nITSVHgYbDAK1Y0acGRnY0

CRYPT

  openssl passwd -crypt myPassword
  qQ5vTYO3c8dsU

Validating CRYPT or MD5 passwords with the OpenSSL command line program
The salt for a CRYPT password is the first two characters (converted to a binary value). To validate myPassword against rqXexS6ZhobKA

CRYPT

  $ openssl passwd -crypt -salt rq myPassword
  Warning: truncating password to 8 characters
  rqXexS6ZhobKA

Note that using myPasswo instead of myPassword will produce the same result because only the first 8 characters of CRYPT passwords are considered.

The salt for an MD5 password is between $apr1$ and the following $ (as a Base64-encoded binary value - max 8 chars). To validate myPassword against $apr1$r31.....$HqJZimcKQFAMYayBlzkrA/

MD5

  $ openssl passwd -apr1 -salt r31..... myPassword
  $apr1$r31.....$HqJZimcKQFAMYayBlzkrA/