Обсуждение: [Fwd: [Zope-dev] Authentication Problem with Postgres]
Hi, i have forwarded this message from Zope in hope of an answer.Hi all, sometimes i have a curios problem with my Zope. Without any errors in any logs Zope could not authenticate himself with postgres. The error message is that there is a wrong password. After a restart of Zope everything works fine until the eror occurs again. My sysop has traced the protcols before and after the error. Zope sends some data and then a crypted password with the salt. If the error is occured the password that Zope sends is crypted wrong. After a restart of Zope the password is right crypted. Could anybody help or explain me this problem, it is very important for the further use of Zope for our websites. Thanks as _______________________________________________ Zope-Dev maillist - Zope-Dev@zope.org http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
Andre Schubert <andre.schubert@geyer.kabeljournal.de> writes:
> sometimes i have a curios problem with my Zope.
> My sysop has traced the protcols before and after the error.
> Zope sends some data and then a crypted password with the salt.
> If the error is occured the password that Zope sends is crypted wrong.
> After a restart of Zope the password is right crypted.
If you've determined that in fact the wrong password is being sent
from the client side, then it seems that there are only two
possibilities: one, Zope is handing the wrong password to libpq,
or two, there's something broken in the crypt library on your client
machine. libpq's handling of the password is so trivial that I find
it hard to see how there could be such a problem inside libpq itself.
If you're not convinced, I'd suggest adding some debug logging printout
to libpq (look in fe-connect.c and fe-auth.c). Try tracing the
arguments and result of the actual crypt() call in fe-auth.c, and
then work outwards if you need to.
You didn't say what platform you're on, but on some platforms I believe
that crypt() supports both traditional (DES variant) and MD5 encryption
styles. Possibly the problem is somehow related to choosing the wrong
encryption style (where "wrong" = "not what the postmaster is using").
regards, tom lane
Tom Lane schrieb: > > Andre Schubert <andre.schubert@geyer.kabeljournal.de> writes: > > sometimes i have a curios problem with my Zope. > > My sysop has traced the protcols before and after the error. > > Zope sends some data and then a crypted password with the salt. > > If the error is occured the password that Zope sends is crypted wrong. > > After a restart of Zope the password is right crypted. > > If you've determined that in fact the wrong password is being sent > from the client side, then it seems that there are only two > possibilities: one, Zope is handing the wrong password to libpq, > or two, there's something broken in the crypt library on your client > machine. libpq's handling of the password is so trivial that I find > it hard to see how there could be such a problem inside libpq itself. > > If you're not convinced, I'd suggest adding some debug logging printout > to libpq (look in fe-connect.c and fe-auth.c). Try tracing the > arguments and result of the actual crypt() call in fe-auth.c, and > then work outwards if you need to. > > You didn't say what platform you're on, but on some platforms I believe > that crypt() supports both traditional (DES variant) and MD5 encryption > styles. Possibly the problem is somehow related to choosing the wrong > encryption style (where "wrong" = "not what the postmaster is using"). > Zope(2.3.3) runs on a Immunix RedHat 6.2. All Client Libraries are 7.1.3. The Postgres-Server 7.1.3 runs on another Immunix RedHat 6.2 box. thanks as > regards, tom lane