Information Services Talk

Guest · Posted: Thu Sep 27, 2007 8:49 pm Post subject: Apache FakeBasicAuth problem

I was used to use FakeBasicAuth in Apache 2.0.59, and I have a problem
to use it in 2.2.4, with the same config (see bottom of message).

I always get now 'user /...: authentication failure for "/path/":
Password Mismatch'.

In the debug log, I can find:
Faking HTTP Basic Auth header: "Authorization: Basic {DN:passwordn
base64}"

Thanks

Nick

SSLVerifyClient require
<Location "/">
SSLRequireSSL
SSLOptions +FakeBasicAuth
Authname "MyApp"
AuthType Basic
AuthUserFile conf/users.auth
Require valid-user
</Location>

user.auth (DN coming from OpenSSL):
/...:xxj31ZMTZzkVA

Guest · Posted: Fri Sep 28, 2007 11:00 am Post subject: Re: Apache FakeBasicAuth problem

Additional info: I also tried without FakeBasicAuth, to have the
interactive password box, and with another user 'frank' and the
password 'sinatra'.
Depending on my password file, I get the following errors:
- frank:mlVo7KaArYZhg
-> dialog box -> frank/sinatra
-> user frank: authentication failure: Password Mismatch
- frank:$apr1$9U1.....$C.5OJhZ4UxxM9SIzv4XAY0
-> no dialog box
-> configuration error: couldn't check access. No groups file?
- frank:{SHA}7DUut/wAuxmp4mKiKKNr9eEUeG0=
-> no dialog box
-> configuration error: couldn't check access. No groups file?
So, MD5 & SHA-1 are not supported.

With FakeBasicAuth, I get exactly the same password error:
user /C=BE/ST=Belgium/...: authentication failure: Password Mismatch

It seems that the CRYPT algorithm that is used is not compatible with
the previous versions !?!
When I try 'htpasswd.exe -nbd', it responds 'Automatically using MD5
format'.
I use Windows with OpenSSL 0.9.8e.

Guest · Posted: Fri Sep 28, 2007 11:01 am Post subject: Re: Apache FakeBasicAuth problem

And I have the same on Linux (2.2.6) :-(