dimopoulos,
First off I'd like to thank you for the attached script. It did its job
Thank you.
However, at this point I have run into another snag.
All passwords in the sql database are now freshly new and md5 hashed.
I added 2 lines to my apache conf file:
LoadModule digest_auth_module lib/apache/mod_auth_digest.so
AddModule mod_auth_digest.c
I changed my .htaccess file to:
AuthType Digest
AuthName "myrealm"
AuthDigestFile /path/to/password/file
<LIMIT GET POST>
require valid-user
</LIMIT>
However, the old per script posted above that creates the userfile doesnt create it in the right format:
It makes:
tgnb:eca0249f7bf2fb3515bd7e319f5c2ab5
With AuthType Digest, apache needs:
tgnb:myrealm:eca0249f7bf2fb3515bd7e319f5c2ab5
This of course causes this in the apache error log:
[Fri Dec 20 08:09:49 2002] [error] [client xxx.xxx.xxx.xxx] Digest: user `tgnb' in realm `myrealm' not found: /some/path
/some/path being the .htaccess protected part of the site
Even if I change the password file manually for testing, I still get this in my apache error log:
[Fri Dec 20 08:24:24 2002] [error] [client xxx.xxx.xxx.xxx] Digest: user tgnb: password mismatch: /some/path
I edited the perl script so it creates the password file in the right format.
At this point I am a bit lost not understanding why there would be a password mismatch.
the board uses md5
apache uses md5
apache finds the userfile
apache finds the realm in the userfile
but apache can't match the passwords in it
=====
While reading docs etc on how to do the Digest authentication I also came across something even more interesting
http://www.widexl.com/scripts/documentation/htaccess.htmlAuth MySQL
I'd imagine if I got AuthMySQL to work I could skip the entire procedure of having to run an old perl script in a cron job to update a password file because apache would use the database to authenticate.
To set Auth MySQL up I have to put this in the .htaccess file:
Auth_MYSQLdatabase: This is your database with the member's info.
Auth_MYSQLpwd_table: The members info table containing (username/password).
Auth_MYSQLuid_field: The username field.
Auth_MYSQLpwd_field: The password field.
Auth_MYSQL_EncryptedPasswords: Are the password MySQL encrypt. [on|off].
So I have the following questions
What is the table containing username and password
What is the username field
What is the password field
And finally
I guess I'll have to test if apache will accept the encrypted passwords.. hehe
Thanks for your time and support.
