Apache Authentication
Revision as of 18:17, 31 March 2014 by PeterHarding (talk | contribs)
Some References
- http://modauthmysql.sourceforge.net/
- http://www.yolinux.com/TUTORIALS/LinuxTutorialApacheAddingLoginSiteProtection.html
- http://www.howtoforge.com/mod_auth_mysql_apache2_debian
Setting Passwords
From - http://httpd.apache.org/docs/2.2/misc/password_encryptions.html
Basic Authentication There are four formats that Apache recognizes for basic-authentication passwords. Note that not all formats work on every platform: PLAIN TEXT (i.e. unencrypted) Windows, BEOS, & Netware only. CRYPT Unix only. Uses the traditional Unix crypt(3) function with a randomly-generated 32-bit salt (only 12 bits used) and the first 8 characters of the password. SHA1 "{SHA}" + Base64-encoded SHA-1 digest of the password. MD5 "$apr1$" + the result of an Apache-specific algorithm using an iterated (1,000 times) MD5 digest of various combinations of a random 32-bit salt and the password. See the APR source file apr_md5.c for the details of the algorithm. Generating values with htpasswd MD5 $ htpasswd -nbm myName myPassword myName:$apr1$r31.....$HqJZimcKQFAMYayBlzkrA/ SHA1 $ htpasswd -nbs myName myPassword myName:{SHA}VBPuJHI7uixaa6LQGWx4s+5GKNE= CRYPT $ htpasswd -nbd myName myPassword myName:rqXexS6ZhobKA Generating CRYPT and MD5 values with the OpenSSL command-line program OpenSSL knows the Apache-specific MD5 algorithm. MD5 $ openssl passwd -apr1 myPassword $apr1$qHDFfhPC$nITSVHgYbDAK1Y0acGRnY0 CRYPT openssl passwd -crypt myPassword qQ5vTYO3c8dsU Validating CRYPT or MD5 passwords with the OpenSSL command line program The salt for a CRYPT password is the first two characters (converted to a binary value). To validate myPassword against rqXexS6ZhobKA CRYPT $ openssl passwd -crypt -salt rq myPassword Warning: truncating password to 8 characters rqXexS6ZhobKA Note that using myPasswo instead of myPassword will produce the same result because only the first 8 characters of CRYPT passwords are considered. The salt for an MD5 password is between $apr1$ and the following $ (as a Base64-encoded binary value - max 8 chars). To validate myPassword against $apr1$r31.....$HqJZimcKQFAMYayBlzkrA/ MD5 $ openssl passwd -apr1 -salt r31..... myPassword $apr1$r31.....$HqJZimcKQFAMYayBlzkrA/