*BSD News Article 78697


Return to BSD News archive

Path: euryale.cc.adfa.oz.au!newshost.carno.net.au!harbinger.cc.monash.edu.au!munnari.OZ.AU!news.mel.connect.com.au!news.mira.net.au!inquo!in-news.erinet.com!ddsw1!news.mcs.net!www.nntp.primenet.com!nntp.primenet.com!hunter.premier.net!news1.erols.com!news
From: Ken Bigelow <kbigelow@www.play-hookey.com>
Newsgroups: comp.unix.bsd.freebsd.misc
Subject: Re: Getting 'htpasswd' to work w/Apache & FreeBSD
Date: Fri, 20 Sep 1996 16:01:18 +0000
Organization: Erol's Internet Services
Lines: 37
Message-ID: <3242BFCE.2E7F@www.play-hookey.com>
References: <32425F5F.3DD7@digicity.net>
Reply-To: kbigelow@www.play-hookey.com
NNTP-Posting-Host: kenjb05.play-hookey.com
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-Mailer: Mozilla 3.0 (Win16; U)

Damien Thorn wrote:
> 
> We've operated the Apache httpd on FreeBSD for more than a year
> without problem.  A client now needs to implement authentication to
> several subdirectories, so we upgraded the the latest version of
> Apache and compiled the HTPASSWD program to generate password files
> for authentication.
> 
> However, we keep getting errors of "Password Mismatch."
> 
> In browsing some archives, I noted potential problems between DES and
> MD5 encryption.  The server runs FreeBSD with MD5 (I assume), and
> the copy of Apache we compiled came from the freebsd.org ports
> collection and I assume is therefore patched appropriately.
> 
> We included -lcrypt as an extra lib when we compiled the htpasswd
> binary as well.
> 
> Any clues or suggestions?  (Thanks in advance!)
> 

Try this (which is what I did): Recompile apache and include the module
on dbm databases. (Not essential, but very desirable if you want to
handle lots of users without long linear name searches.) Then use the
dbmmanage utility provided with apache to manipulate the dbm files. I
put my dbm files into a new directory of /www (as opposed to apache's
/usr/local/www path), so they can't be accessed by browsers, but can be
specified in the .htaccess files and accessed for authentication.

Note that the web access passwords are totally separate from the system
login passwords, and should remain so.
-- 
Ken

Are you interested in   |
byte-sized education    |   http://www.play-hookey.com
over the Internet?      |