Setting up HTTP Basic Authorisation

T Gillett tgillett1 at powerup.com.au
Wed Dec 6 23:54:55 MSK 2006


Igor Sysoev <is at ...> writes:

> 
> On Wed, 6 Dec 2006, T Gillett wrote:
> 
> > Igor Sysoev <is <at> ...> writes:
> >
> >> It seems I found the bug. If the "test:cgsk91HyOZHGE" is the single
> >> line in th efile and has no the carridge return or the line feed
> >> characters (if you edit file in the joe editor), then nginx does
> >> not understand the hash.
> >
> > This doesn't appear to be the problem in this case.
> >
> > The htpassword file actually has two lines as follows:
> > admin:cgwvsHpJSf6XU
> > test:cgsk91HyOZHGE
> >
> > followed by two empty lines (carriage returns).
> > I copied the admin line from etc/passwd and checked the password encryption
> > with the perl script.
> > Authorisation fails for both admin and test logins.
> 
> May crypt() using another salt ?
> 
> What does
> perl -le 'print crypt("test", "cgsk91HyOZHGE")'
> show ?
> 
> Igor Sysoev
> http://sysoev.ru/en/
> 
> 
Igor
I set up another id/password with a different salt as follows:

admin:cgwvsHpJSf6XU
test:cgsk91HyOZHGE
test1:abgOeLfPimXQo

Same result. Here are the access log entries:

192.168.1.25 - - [07/Dec/2006:06:49:23 +1000] GET /hello.php HTTP/1.1
Status"401" Bytes195 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US;
rv:1.8.0.8) Gecko/20061025 Firefox/1.5.0.8" "-"

192.168.1.25 - test1 [07/Dec/2006:06:49:35 +1000] GET /hello.php HTTP/1.1
Status"401" Bytes195 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US;
rv:1.8.0.8) Gecko/20061025 Firefox/1.5.0.8" "-"

I ran the perl script as follows:

# perl -le 'print crypt("test", "cgsk91HyOZHGE")'
cgsk91HyOZHGE

The result is the same if I use if I use an unknown id or an incorrect password.

Thanks
Terry







More information about the nginx mailing list