Basic authentication

Phil Daintree
18 May 2011, 12:42
I am trying to get basic authentication going but have come unstuck.
Hiawatha version: Hiawatha v7.3, cache, IPv6, Monitor, SSL, URL toolkit, XSLT
Operating System: puppy linux 5.25

Phil Daintree
18 May 2011, 12:44
I created a htpasswd with the following PHP:

$clearTextPassword = 'mypassword';
$password = crypt($clearTextPassword, base64_encode($clearTextPassword));
echo $password;

Then I created /etc/hiawatha/.validusers using the output from the above PHP with just the line:

phil:bX6j7x3Ep6RnU

I restarted hiawatha and went to http://60.234.156.41. Sure enough I get the login box, but I can't get in to render pages; the login dialog keeps coming up.

The web-server is running as user nobody and the /etc/hiawatha/.validusers is owned by nobody and in the nobody group with permissions as rw-,r--,r--

Phil Daintree
18 May 2011, 12:50
PasswordFile=basic:/etc/hiawatha/.validusers

Hugo Leisink
20 May 2011, 17:37
What do the error logfiles say?

Try using the htpasswd that comes with Apache. Probably placed in some apache-utils package.

Phil Daintree
21 May 2011, 01:51
The error log reports nothing... the access log shows:

60.234.156.41|Sat 21 May 2011 12:02:55 +1200|401|631||GET / HTTP/1.1|Host: 60.234.156.41|User-Agent: Mozilla/5.0 (X11; Linux i686; rv:2.0.1) Gecko/20100101 Firefox/4.0.1|Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8|Accept-Language: en-us,en;q=0.5|Accept-Encoding: gzip, deflate|Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7|Keep-Alive: 115|Connection: keep-alive
60.234.156.41|Sat 21 May 2011 12:03:00 +1200|401|631||GET / HTTP/1.1|Host: 60.234.156.41|User-Agent: Mozilla/5.0 (X11; Linux i686; rv:2.0.1) Gecko/20100101 Firefox/4.0.1|Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8|Accept-Language: en-us,en;q=0.5|Accept-Encoding: gzip, deflate|Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7|Keep-Alive: 115|Connection: keep-alive
60.234.156.41|Sat 21 May 2011 12:03:01 +1200|401|631||GET /favicon.ico HTTP/1.1|Host: 60.234.156.41|User-Agent: Mozilla/5.0 (X11; Linux i686; rv:2.0.1) Gecko/20100101 Firefox/4.0.1|Accept: image/png,image/*;q=0.8,*/*;q=0.5|Accept-Language: en-us,en;q=0.5|Accept-Encoding: gzip, deflate|Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7|Keep-Alive: 115|Connection: keep-alive
60.234.156.41|Sat 21 May 2011 12:03:01 +1200|401|631||GET /favicon.ico HTTP/1.1|Host: 60.234.156.41|User-Agent: Mozilla/5.0 (X11; Linux i686; rv:2.0.1) Gecko/20100101 Firefox/4.0.1|Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8|Accept-Language: en-us,en;q=0.5|Accept-Encoding: gzip, deflate|Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7|Keep-Alive: 115|Connection: keep-alive

I don't have apache installed and was hoping to avoid it altogether. Is there any way around installing apache?

Hugo Leisink
21 May 2011, 02:16
I've tried "phil:bX6j7x3Ep6RnU" and it worked fine. Are you sure Hiawatha is able to read the password file?

Phil Daintree
21 May 2011, 02:40

# cd /etc/hiawatha
# ls -la
total 32
drwxr-xr-x 2 nobody root 4096 2011-05-21 12:23 .
drwxr-xr-x 84 root root 4096 2011-05-20 21:45 ..
-rw-r--r-- 1 root root 463 2010-08-19 20:04 cgi-wrapper.conf
-rwxr-xr-x 1 root root 2572 2011-05-21 12:42 hiawatha.conf
-rw-r--r-- 1 nobody nobody 18 2011-05-21 12:13 .htpasswords
-rw-r--r-- 1 root root 2571 2008-07-13 13:27 httpd.confORIG
-rw-r--r-- 1 root root 2504 2010-08-19 20:04 index.xslt
-rw-r--r-- 1 root root 1569 2010-08-19 20:04 mimetype.conf
-rw-r--r-- 1 root root 526 2008-07-13 14:21 php-fcgi.conf
# su nobody
# cat /etc/hiawatha/.htpasswords
phil:bmrjs.MvHN3GY#


As sure as I can be? Although I know puppy can throw curly ones with permissions from a previous battle.

Note I changed the config to use

AccessList = pwd all
PasswordFile=basic:/etc/hiawatha/.htpasswords


Hugo Leisink
21 May 2011, 08:02
Hmmm, then I have no idea what goes wrong. Anything special on your server like chroot or kernel security patch?

Phil Daintree
22 May 2011, 02:03
I believe there are kernel patches applied to the puppy kernel but do not know the details. I am using puppy 5.1 with the standard puppy patched kernel 2.6.33. No chroot going on here.
I have tried a hundred permutations and am giving up. Basic auth just doesn't work for me.

Phil Daintree
22 May 2011, 02:10
I can make errors occur in the error log ...

Sun 22 May 2011 12:03:20 +1200|60.234.156.41|/etc/htpass|password file not found


when the password file is not physically in the right location

Sun 22 May 2011 12:20:31 +1200|60.234.156.41|/etc/hiawatha/htpass|no access to password file

When the permissions are such that the hiawatha process owner does not have appropriate permissions.

But when the password file is in the correct place and is readable by the hiawatha process owner the password dialog comes straight back up asking for the password again - no message that the incorrect password was given and nothing in the error log either.

Hugo Leisink
22 May 2011, 07:33
Strange, very strange. I'm afraid I have no idea what goes wrong here. It all looks okay.

Phil Daintree
22 May 2011, 11:29
I downloaded apache and using htpasswd produced a password file that works!!
I hate the fact that hiawatha needs to be configured with apache utilities not bundled with hiawatha - but glad I got there in the end!!!

Hugo Leisink
22 May 2011, 19:10
Weird, apparently the crypt function in PHP is not the same as the one in C.

I agree with you. I've updated the Wigwam tool. It can now create entries for password files, for both basic and digest HTTP authentication. It will be available in version 7.5, which I plan to release soon.
This topic has been closed.
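
Added example (not part of the thread and not Hiawatha code): a small linter for a basic-auth password file that reports conditions visible in the listings above, namely the 18-byte .htpasswords whose content runs straight into the shell prompt (no final newline), the rw-r--r-- mode, and traditional DES crypt entries. It also shows what a salt built as in the PHP snippet stores in clear: for the posted hash of 'mypassword' the salt "bX" decodes to 'm' plus the high nibble of 'y'. The function names are hypothetical, plain user:hash lines are assumed, and the thread does not establish which, if any, of these conditions caused the login loop.

```python
import re

# Traditional DES crypt: 2 salt chars + 11 hash chars, alphabet ./0-9A-Za-z
DES_CRYPT = re.compile(r"^[./0-9A-Za-z]{13}$")
# Modular crypt formats start with $id$ (for example $1$, $apr1$, $6$)
MODULAR = re.compile(r"^\$[0-9a-z]+\$")
B64 = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"


def salt_leak(salt):
    """What a salt built as base64_encode($password) gives away.

    The two salt characters sit in clear in the hash and carry 12 bits: the
    first password byte and the high nibble of the second. None if not base64.
    """
    if len(salt) != 2 or any(c not in B64 for c in salt):
        return None
    bits = (B64.index(salt[0]) << 6) | B64.index(salt[1])
    return bits >> 4, (bits & 0xF) << 4


def lint_password_file(data, mode=0o600):
    """Findings for a password file (bytes + mode); assumes user:hash lines."""
    findings = []
    if data and not data.endswith(b"\n"):
        findings.append("file does not end with a newline")
    if mode & 0o004:
        findings.append("file is world-readable")
    for n, line in enumerate(data.decode("utf-8", "replace").split("\n"), 1):
        if not line:
            continue
        if line != line.strip():
            findings.append(f"line {n}: stray whitespace or CR")
            line = line.strip()
        user, sep, pw_hash = line.partition(":")
        if not (sep and user and pw_hash):
            findings.append(f"line {n}: not in user:hash form")
        elif DES_CRYPT.match(pw_hash):
            findings.append(f"line {n}: {user}: DES crypt (8-char limit)")
        elif not MODULAR.match(pw_hash):
            findings.append(f"line {n}: {user}: unrecognised hash format")
    return findings


# Constructed from the thread: the 18-byte .htpasswords, mode rw-r--r--
SAMPLE = b"phil:bmrjs.MvHN3GY"

if __name__ == "__main__":
    print(lint_password_file(SAMPLE, 0o644), salt_leak("bX"))
```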