Обсуждение: mod_auth_pgsql
Hey,
I've set up mod_auth_pgsql several times successfully, but for some reason I
keep getting a "password mismatch" error on my latest install when I try to
log in to my protected site.
I'm running postgresql 7.2.2, apache 1.3.26 on FreeBSD 4.6.2. The version of
mod_auth_pgsql I built into apache is 0.9.12.
This is what my schema and current data look like:
CREATE TABLE users (
username CHAR(25) PRIMARY KEY,
password CHAR(25) NOT NULL
);
INSERT INTO users (username, password) VALUES ('ssmith', 'abc');
Here is what the my .htaccess file looks like:
AuthName "test"
AuthType basic
Auth_PG_host localhost
Auth_PG_port 5432
Auth_PG_database apache
Auth_PG_user <????>
Auth_PG_pwd <????>
Auth_PG_pwd_table users
Auth_PG_uid_field username
Auth_PG_pwd_field password
Auth_PG_encrypted off
Auth_PG_log_table apache_log
Auth_PG_log_uname_field username
Auth_PG_log_date_field time
Auth_PG_log_uri_field uri
Auth_PG_log_addrs_field address
Auth_PG_log_pwd_field password
<LIMIT GET POST>
require valid-user
</LIMIT>
This is what shows up in apache's error log:
[Fri Sep 13 11:39:57 2002] [error] access to /test failed for xxx.xxx.xxx.xxx,
reason: PG user ssmith: password mismatch
I've tried to debug the problem for quite a long time and can't think of
anything I'm doing wrong. Any help/advice anyone can provide would be much
appreciated.
Thanks,
Joey
mingrone@hotmail.com (Joey M) writes:
> This is what shows up in apache's error log:
> [Fri Sep 13 11:39:57 2002] [error] access to /test failed for xxx.xxx.xxx.xxx,
> reason: PG user ssmith: password mismatch
What shows up in the postmaster log?
regards, tom lane
Joey M schrieb:
> Hey,
>
> I've set up mod_auth_pgsql several times successfully, but for some reason I
> keep getting a "password mismatch" error on my latest install when I try to
> log in to my protected site.
>
> I'm running postgresql 7.2.2, apache 1.3.26 on FreeBSD 4.6.2. The version of
> mod_auth_pgsql I built into apache is 0.9.12.
>
> This is what my schema and current data look like:
>
> CREATE TABLE users (
> username CHAR(25) PRIMARY KEY,
> password CHAR(25) NOT NULL
> );
>
> INSERT INTO users (username, password) VALUES ('ssmith', 'abc');
>
> Here is what the my .htaccess file looks like:
>
> AuthName "test"
> AuthType basic
>
> Auth_PG_host localhost
> Auth_PG_port 5432
> Auth_PG_database apache
> Auth_PG_user <????>
> Auth_PG_pwd <????>
> Auth_PG_pwd_table users
> Auth_PG_uid_field username
> Auth_PG_pwd_field password
> Auth_PG_encrypted off
>
> Auth_PG_log_table apache_log
> Auth_PG_log_uname_field username
> Auth_PG_log_date_field time
> Auth_PG_log_uri_field uri
> Auth_PG_log_addrs_field address
> Auth_PG_log_pwd_field password
>
> <LIMIT GET POST>
> require valid-user
> </LIMIT>
>
> This is what shows up in apache's error log:
>
> [Fri Sep 13 11:39:57 2002] [error] access to /test failed for xxx.xxx.xxx.xxx,
> reason: PG user ssmith: password mismatch
>
> I've tried to debug the problem for quite a long time and can't think of
> anything I'm doing wrong. Any help/advice anyone can provide would be much
> appreciated.
>
> Thanks,
>
> Joey
You are inserting the first password in clear text. I am not familiar
with mod_auth_pgsql but in mod_auth there is only comparison between
coded passwords. Insert a coded password into your table and try it than
again. Maybe that helps.
Michael
On Fri, Sep 13, 2002 at 01:21:57PM -0700, Joey M wrote:
> Hey,
>
> I've set up mod_auth_pgsql several times successfully, but for some reason I
> keep getting a "password mismatch" error on my latest install when I try to
> log in to my protected site.
>
> I'm running postgresql 7.2.2, apache 1.3.26 on FreeBSD 4.6.2. The version of
> mod_auth_pgsql I built into apache is 0.9.12.
>
> This is what my schema and current data look like:
>
> CREATE TABLE users (
> username CHAR(25) PRIMARY KEY,
> password CHAR(25) NOT NULL
> );
Are You using MD5 or crypt? I'm using crypt and had to change the
size of the "password" field to char(13) to get this working.
> INSERT INTO users (username, password) VALUES ('ssmith', 'abc');
This seems You try using cleartext passwords, but this must enabled
in the apache config file (default is encrypted).
But in general IMHO there is a problem in password comparsion in
mod_auth_pgsql (trailing whitspace - maybe i'm wrong):
"abc" != "abc "
Hope, this helps. Greetings,
-tb
--
Thomas Beutin tb@laokoon.IN-Berlin.DE
Beam me up, Scotty. There is no intelligent live down in Redmond.
On Tue, Sep 17, 2002 at 11:01:49AM +0200, Thomas Beutin wrote: > On Fri, Sep 13, 2002 at 01:21:57PM -0700, Joey M wrote: > > Hey, > > > > I've set up mod_auth_pgsql several times successfully, but for some reason I > > keep getting a "password mismatch" error on my latest install when I try to > > log in to my protected site. > > > > I'm running postgresql 7.2.2, apache 1.3.26 on FreeBSD 4.6.2. The version of > > mod_auth_pgsql I built into apache is 0.9.12. > > > > This is what my schema and current data look like: > > > > CREATE TABLE users ( > > username CHAR(25) PRIMARY KEY, > > password CHAR(25) NOT NULL > > ); > Are You using MD5 or crypt? I'm using crypt and had to change the > size of the "password" field to char(13) to get this working. Not surprising considering that char() is space padded. So when selecting the password it's returned the result of crypt() plus 12 spaces. No match. Using "text" or "varchar" would probably work better. > But in general IMHO there is a problem in password comparsion in > mod_auth_pgsql (trailing whitspace - maybe i'm wrong): > "abc" != "abc " Passwords are allowed to spaces in them. -- Martijn van Oosterhout <kleptog@svana.org> http://svana.org/kleptog/ > There are 10 kinds of people in the world, those that can do binary > arithmetic and those that can't.