htpasswd broken?

[Zim]

I cannot get a usable password out of htpasswd.

If I type

htpasswd -c passwordfile me

and enter "my" for the password, I get

me:rrkKqy8tj/4SA

as the resulting file. I post that to see comparisons from others.

But when I put that into my .htpasswd file, I failed authorisation every time.

However I can replace this line with a line from another .htpasswd file I have from another unix system (to which I no longer have access), and that password DOES work, so I believe the authentication process is intact, but the password generation process is what is broken.

I have tried the various options, including plaintext, to no avail.

10.1.3

Other threads suggest that people have gotten it to work.

Ideas?

Thanks,
Mike

 

[blb]

htpasswd should use the standard Unix crypt() call, so if crypt() on another system generates the same string, then I'd say htpasswd on OS X works. I have a simple C program which says that your htpasswd result is correct (this was run on Solaris),

$ pwcrypt
Salt?  rr
Password?  my
Encrypted is rrkKqy8tj/4SA

For the sake of completeness, I added that username/password to my Apache on Solaris, and the username me was able to authenticate just fine. I'd say you might want to have a look at your .htaccess or something along those lines.

 

[Zim]

That's really odd then.

As I mentioned, I can use a previously generated .htpasswd file and it works fine. It was only in trying to generate a new user that I am seeing the trouble.

So I am certain AuthConfig is working, and my path to the file is correct.

Back to the drawing board....

Mike

 

[Zim]

"htdigest"? I am not familiar with this, can you elaborate?

Thanks,
Mike

 

[Zim]

Originally posted by blb
For the sake of completeness, I added that username/password to my Apache on Solaris, and the username me was able to authenticate just fine. I'd say you might want to have a look at your .htaccess or something along those lines. [/B]

Any chance you could try that on your Mac, running Netscrape 4.7x on your Solaris box?

It fails authentication for me every time. Replacing that line, with a different one (generated on a different system), I authenticate just fine.

Thanks,
Mike

 

[tieng]

I don't remember if Apache is set up to do htaccess by default; you may have to edit your httpd.conf file and change the "AllowOverride" directive from "None to "AuthConfig"

 

[Zim]

Originally posted by tieng
I don't remember if Apache is set up to do htaccess by default; you may have to edit your httpd.conf file and change the "AllowOverride" directive from "None to "AuthConfig"

thanks, I am aware of this. If you read the full thread you will see that I am able to authenticate using a password generated from a different system. I only fail when using passwords I generate on my Mac. Given this behavior, I'd say the authentication side of things is working.

Mike

 

[blb]

Originally posted by Zim


Any chance you could try that on your Mac, running Netscrape 4.7x on your Solaris box?

It fails authentication for me every time. Replacing that line, with a different one (generated on a different system), I authenticate just fine.

Thanks,
Mike

Just tried this, Netscape 4.75 on Solaris 8, against the default Apache on OS X 10.1.3, and your me/my combination worked just fine. Only changes to the Apache configuration were to update the /etc/httpd/users/blb.conf to allow .htaccess, then pointed the .htaccess to the user file with only your me:rrkKqy8tj/4SA.

For reference, my .htaccess

AuthType Basic
AuthUserFile /Users/blb/prot.users
AuthName "ATest"
require valid-user

 

[Jadey]

Have you specifically told Apache to read a .users file for password protection? With the default config, this line:

Files ~ "^\.ht"

(normally surrounded by greater & less than signs, but couldn't post them)

tells it to look for files that begin with .ht like .htpasswd

 

[Zim]

Phew... finally after having almost torn out all of my hair looking at your .htaccess file. I had hard-coded in a "require user abc", hence user "me" could not authenticate.

Dumb dumb dumb me.

Many thanks guys.
Mike

 

[Zim]

Originally posted by testuser
I wonder how you able to authenticate by swapping a line in your .htpasswd file?

simple actually (20/20 hindsight makes everything look simple....)

my .htaccess file contained the line

require user user1

user1 was the name of the user I had set up on another system, and that was the password entry in my .htpasswd that worked.

When I tried to add user2 to the .htpasswd file, user2 was not a valid user based on my .htaccess file.

The password itself for user2 was probably fine, its just that user1 was listed as the only one to have access.

That's what I get for copying over an old .htaccess file and not looking at it first.

Cheers,
Mike