Forum
.hiawatha HTTP Auth Troubles in Debian
Moddie
8 November 2012, 22:57
Hello,
firstly:
OS: Completely Standard Debian 6.0 Squeeze
Hiawatha: v8.6 Debian Package from http://files.tuxhelp.org/hiawatha/ (had to pull one depandency with apt but can't remember what)
i've been trying all day, to get basic or digest auth to work.
I've tried using the tool you provided (wigwam), following
the Instructions from the manpages here on the Site to the letter.
Neither basic nor digest worked, no errors in error.log and only
401 errors in the access log. I can produce errors by moving
or changing the permissions of my .passwd file.
Finally Iwas ready to give up, but then I saw a Post here claiming
success with with apache's htpasswd tool and sure enough this
way I can generate an entry for the passwd file that works.
So far so strange...
Since I do not want to install apache just to use htpasswd,
google found another solution for me:
echo -e "my-user:`perl -le 'print crypt("my-pass","salt")'`"
This works and also prints the same result every time with the same input,
"wigwam -b my-user" gives different results every time it is run even with the same input.
This is obviously only for basic auth, i will try to get digest working
when there's my time (and motivation) allow me to do so
I am totally at a loss to explain this, but as near as i can figure
there must be a version mismatch or something between
what wigwam uses to encrypt the pw and what the server itself
uses for comparison. Since it seems to work on most other unixes
there might be some way in which debian is different.
Please try to shed some light on this issue, i'd really like to know what's
going on...
If I can be of any further assistance in the investigation please let me know.
greetings
/moddie
firstly:
OS: Completely Standard Debian 6.0 Squeeze
Hiawatha: v8.6 Debian Package from http://files.tuxhelp.org/hiawatha/ (had to pull one depandency with apt but can't remember what)
i've been trying all day, to get basic or digest auth to work.
I've tried using the tool you provided (wigwam), following
the Instructions from the manpages here on the Site to the letter.
Neither basic nor digest worked, no errors in error.log and only
401 errors in the access log. I can produce errors by moving
or changing the permissions of my .passwd file.
Finally Iwas ready to give up, but then I saw a Post here claiming
success with with apache's htpasswd tool and sure enough this
way I can generate an entry for the passwd file that works.
So far so strange...
Since I do not want to install apache just to use htpasswd,
google found another solution for me:
echo -e "my-user:`perl -le 'print crypt("my-pass","salt")'`"
This works and also prints the same result every time with the same input,
"wigwam -b my-user" gives different results every time it is run even with the same input.
This is obviously only for basic auth, i will try to get digest working
when there's my time (and motivation) allow me to do so
I am totally at a loss to explain this, but as near as i can figure
there must be a version mismatch or something between
what wigwam uses to encrypt the pw and what the server itself
uses for comparison. Since it seems to work on most other unixes
there might be some way in which debian is different.
Please try to shed some light on this issue, i'd really like to know what's
going on...
If I can be of any further assistance in the investigation please let me know.
greetings
/moddie
Moddie
9 November 2012, 00:18
P.S.
I just noticed that this:
echo -e "my-user:`perl -le 'print crypt("my-pass","salt")'`"
does not seem to work for all passwords, longer ones seem
to work more reliably though.
will test with htpasswd -nbd my-user my-pass later.
weird stuff...
I just noticed that this:
echo -e "my-user:`perl -le 'print crypt("my-pass","salt")'`"
does not seem to work for all passwords, longer ones seem
to work more reliably though.
will test with htpasswd -nbd my-user my-pass later.
weird stuff...
Hugo Leisink
10 November 2012, 18:10
Really weird, because both wigwam and hiawatha use the same crypt system call. I have given this some thought, but I have no idea what goes wrong.
This topic has been closed.
Copyright © by Hugo Leisink. All rights reserved.
Built upon the Banshee PHP framework.
Built upon the Banshee PHP framework.
