Hi Tom!Thanks for the pointers. After much systematic experimenting I discovered that when I entered users & passwords with the mysql command line using password(), encrypt(), sha1() or old_password, only encrypt() was readable by apache authentication. Then I entered users and passwords using apache's htpasswd to generate md5 sha1 crypt and apache was able to authenticate those.
So much to my surprise, mysql's sha1 and md5 produces an encryption not readable by apache. I was under the assumption that all sha1 and md5 encryptions were the same across all applications!
This is an example of a mysql produced sha1: *A34CDEEEE1232ACBCBCDD4D4D3D2D12341ACACE3 This is an example of an htpasswd produced sha1: {SHA1}6u5F+11u1xNIBuFBh+X+sydW+4= Regards, -Bill Tom Donovan wrote:
paredes wrote:It sounds like you are getting *something* returned by your authentication query, just not the exact password hash.Greetings! I've been running OS-X 10.3.9, with apache2.2.3 [ldap w/failover to mod_authn_dbd], mysql5.0.3x & php5.1 all built from source. I've just upgraded our test server to OSX 10.5, apache2.2.6 & mysql5.0.51. The problem is that while the DBDDriver connects it refuses to authenticate valid users. The apache logs which are set to debug return:"user jones: authentication failure for "/ProtectedArea": Password Mismatch"When I deliberately provide an unknown user the logs return: "user mary not found: /ProtectedArea"Possibly the problem is trailing spaces. The behavior of MySQL CHAR and VARCHAR fields for trailing spaces has changed over time per http://dev.mysql.com/doc/refman/5.0/en/char.htmlTry a SQL statement like: "SELECT TRIM(password_field) FROM user_table WHERE user_field = %s" instead of: "SELECT password_field FROM user_table WHERE user_field = %s"Additional clues might be found by enabling MySQL logging per: http://dev.mysql.com/doc/refman/5.0/en/query-log.html and checking what your SQL statement actually looks like to MySQL. -tom- ---------------------------------------------------------------------The official User-To-User support forum of the Apache HTTP Server Project.See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
--------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx