4WebHelp
 FAQ  •  Search  •  User Groups  •  Forum Admins  •  Smilies List  •  Statistics  •  Rules   •  Login   •  Register
Toggle Navigation Menu

 htaccess problem
Post New TopicReply to Topic
View Previous Topic Print this topic View Next Topic
Author Message
FrankMac
Junior WebHelper
Junior WebHelper


Joined: 04 Aug 2004
Posts: 5

PostPosted: Thu Aug 05, 2004 3:23 am (13 years, 2 months ago) Reply with QuoteBack to Top

Hey great site, I'm learning a lot by browsing through the forums. I'm very new at this so please excuse what is no doubt a stupid question about htaccess passwords.
Iím using Apache 1.3.29 on a computer running Windows XP.
I wanted to experiment with htaccess. Because Windows will not allow files starting with a period (.) I changed <.htaccess> to <htaccess.txt> and called the password file <passwd.txt>. I then modified the Apache <httpd.conf> file to look for <htaccess.txt>.
A couple of posts and the tutorial say the password must be encrypted so I used the encryption tool on this site and pasted the results directly into the <passwd.txt> file.
The result was that the system would not accept the password. Below is the entry in the <error.log> file.

[Wed Aug 04 16:11:50 2004] [error] [client 127.0.0.1] user frank: authentication failure for "/htm2php/index": password mismatch

When I left the password as plain text everything worked. My question is; ĎWhy doesnít this work when the password is encrypted?í Is there something else I have to modify in the <httpd.conf> file?

Hereís a copy of the <htaccess.txt> file Iím using.

AuthType Basic
AuthName "Log_in"
AuthUserFile htdocs/htm2php/passwd.txt
<Limit GET POST>
require valid-user
</Limit>

This is a copy of the <passwd.txt> file that works.

frank:fluffy

This is a copy of the <passwd.txt> file that does NOT work.
The password used to generate it was <fluffy>.

frank:46tkhAgLxEBzs

If I type in <fluffy> it does not work.
If I type in <46tkhAgLxEBzs> it does work.
Any ideas would be welcome.
OfflineView User's ProfileFind all posts by FrankMacSend Personal Message
Daniel
Team Member



Joined: 06 Jan 2002
Posts: 2564

PostPosted: Thu Aug 05, 2004 6:35 am (13 years, 2 months ago) Reply with QuoteBack to Top

The problem is that Windows does not support the crypt() function which was used to encrypt the password. IIRC it only supports md5() encryption. I'll see if I can get the time to add a different encryption type to our password generator.

________________________________
Image
OfflineView User's ProfileFind all posts by DanielSend Personal Message
FrankMac
Junior WebHelper
Junior WebHelper


Joined: 04 Aug 2004
Posts: 5

PostPosted: Thu Aug 05, 2004 8:45 am (13 years, 2 months ago) Reply with QuoteBack to Top

Daniel; thanks for the info.
Frank.
OfflineView User's ProfileFind all posts by FrankMacSend Personal Message
FrankMac
Junior WebHelper
Junior WebHelper


Joined: 04 Aug 2004
Posts: 5

PostPosted: Thu Aug 05, 2004 8:19 pm (13 years, 2 months ago) Reply with QuoteBack to Top

I found a way of making encrypted passwords on a Windows XP machine running Apache 1.3.29 as localhost. The same method could be used for a site which is on-line. Iím not sure which encryption method is being used, perhaps the code at the end will give a clue to someone who knows more about this.
First of all I did something very foolish, I read the Apache manual. The part which tells you how to make an encrypted password is in:
ĎAuthentication, Authorization and Access Controlí.
The encrypted passwords are generated by a program called <htpasswd.exe> which is located in the <bin> folder of the Apache installation.
It took me a while to work it out so Iíve put below what I did on my machine.
I couldnít get the system to make the password file in the folder I wanted so I made it in the root drive (C) and then copied it to the folder.
I called the file <passwd.txt> as I was already using a file by that name for passwords.
OK, hereís what I did.
Opened the Command Prompt.
Typed in: <cd C:\Program Files\Apache Group\Apache\bin>
This is to get to the folder where htpasswd.exe is located.
Typed in: htpasswd Ėc /passwd.txt frank
<-c> tells it to create a file
</> tells it to put the file in the root drive, in this case C:\
<passwd.txt> tells it to name the file passwd.txt
<frank> tells it to add a user called frank
The program now asked me for my password.
I typed in <fluffy>
I was asked again, and repeated <fluffy>
That was it.
I copied the file to the folder I wanted to protect and it actually worked. Something of a first for me.
Adding a user is a similar procedure, but with <-c> omitted, as the file has already been created. The example below was for a new user called <sarah>.
Open the Command Prompt.
Type in: <cd C:\Program Files\Apache Group\Apache\bin>
Type in: htpasswd /passwd.txt sarah
</passwd.txt> tells it to look for the file C:\passwd.txt.
<sarah> tells it to add a user called sarah.
As before, the program will now ask for the password twice.
All you have to do now is copy the file to the relevant folder which overwrites the old one.
One thing they do warn of is DO NOT use <-c> when adding a new user. It will create a new file which will overwrite the old one leaving you with a file containing only the new user.
Hereís what the file looks like. Iíve added nothing, this is exactly how it was generated.
frank:$apr1$jZ......$2Y9U2Jsvo.AtgLcNDKiAi.
sarah:$apr1$9r......$AfIRLq5MEKn3EiF42QFxS1
OfflineView User's ProfileFind all posts by FrankMacSend Personal Message
Display posts from previous:      
Post New TopicReply to Topic
View Previous Topic Print this topic View Next Topic


 Jump to:   




You cannot post new topics in this forum.
You cannot reply to topics in this forum.
You cannot edit your posts in this forum.
You cannot delete your posts in this forum.
You cannot vote in polls in this forum.


Page generation time: 0.561775 seconds :: 18 queries executed :: All Times are GMT
Powered by phpBB 2.0 © 2001, 2002 phpBB Group :: Based on an FI Theme