Apache2 Auth dbd - 数据库中的 md5 散列密码,但 apache 将其与原始密码进行比较
Apache2 Auth dbd - md5 hashed password in database, but apache compares it with raw
我在通过 pgsql 在 Apache2 中进行身份验证时遇到问题。连接到数据库是成功的,如果我将散列放入密码字段,它就会通过身份验证,但是我如何让 apache 2.4 将数据库密码与本地插入的尚未散列的密码进行比较。我想我必须将 auth hash 方法放入 md5 但由于某种原因文档有些不完整。
<Location "/something">
Header add Pragma "must-revalidate no-cache"
Header add X-RequestTime "%t %D"
ExpiresActive on
ExpiresDefault "now"
AuthName "Something"
AuthType Basic
AuthUserFile "L:\Docs\mgrpass.txt" #does not take usernames and passwords
#from there anymore. Takes them from database instead.
Order allow,deny
Allow from all
SetEnv ERR_MAIL "sysadmin@mywebsite.com"
SetEnv SCHEMA "manager"
SetEnv AUTHTYPE "manager"
AuthBasicProvider socache dbd
AuthnCacheProvideFor dbd
AuthnCacheContext myServer
# Here should be some hash config to convert local password
# to md5 encrypted one... Help please :(
Require valid-user
AuthDBDUserPWQuery "SELECT parool as password FROM _usr WHERE email = %s"
SetEnv "FORMAT" "json"
php_flag pgsql.log_notice off
php_flag magic_quotes_gpc off
php_flag output_buffering off
php_admin_flag safe_mode_gid on
Header add X-Timing "%D microseconds"
</Location>
找到答案了。
Apache 自行解析密码。只需在密码
前添加 {SHA1} 或 $apr1$
AuthDBDUserPWQuery "SELECT CONCAT('{SHA}',parool_sha1) as password FROM _usr WHERE email = %s"
我在通过 pgsql 在 Apache2 中进行身份验证时遇到问题。连接到数据库是成功的,如果我将散列放入密码字段,它就会通过身份验证,但是我如何让 apache 2.4 将数据库密码与本地插入的尚未散列的密码进行比较。我想我必须将 auth hash 方法放入 md5 但由于某种原因文档有些不完整。
<Location "/something">
Header add Pragma "must-revalidate no-cache"
Header add X-RequestTime "%t %D"
ExpiresActive on
ExpiresDefault "now"
AuthName "Something"
AuthType Basic
AuthUserFile "L:\Docs\mgrpass.txt" #does not take usernames and passwords
#from there anymore. Takes them from database instead.
Order allow,deny
Allow from all
SetEnv ERR_MAIL "sysadmin@mywebsite.com"
SetEnv SCHEMA "manager"
SetEnv AUTHTYPE "manager"
AuthBasicProvider socache dbd
AuthnCacheProvideFor dbd
AuthnCacheContext myServer
# Here should be some hash config to convert local password
# to md5 encrypted one... Help please :(
Require valid-user
AuthDBDUserPWQuery "SELECT parool as password FROM _usr WHERE email = %s"
SetEnv "FORMAT" "json"
php_flag pgsql.log_notice off
php_flag magic_quotes_gpc off
php_flag output_buffering off
php_admin_flag safe_mode_gid on
Header add X-Timing "%D microseconds"
</Location>
找到答案了。
Apache 自行解析密码。只需在密码
前添加 {SHA1} 或 $apr1$AuthDBDUserPWQuery "SELECT CONCAT('{SHA}',parool_sha1) as password FROM _usr WHERE email = %s"