auth_http - Password always different

nsclick at nsclick at
Mon Dec 23 11:47:11 UTC 2019


I'm trying to use "auth_http" to handle the authentication for SMTP.
The auth script itself is a PHP script. At the beginning of the script I'm doing the following (just for testing!!! The passwords will not be logged later):

if( !isset($_SERVER["HTTP_AUTH_USER"]) || !isset($_SERVER["HTTP_AUTH_PASS"]) )
	// User or Password are NOT set.
	fail("Invalid user or password");

$username = $_SERVER["HTTP_AUTH_USER"];
$userpass = $_SERVER["HTTP_AUTH_PASS"];

$fd=fopen('php_mail.log', 'a');
fputs($fd, "User: [".$username."]  Protocol: [".$protocol."]  Pass: [".$userpass."]\n");

However, the passwords I see in the log are different all the time for the same user.
Often they consist of 32 hexadecimal digits (but never the same combination) or sometimes they are simply the username with brackets around.

For my understanding the received password should be the same all the time, because otherwise I cannot check the user credentials.

Is there a problem with my understanding or do I miss something?



More information about the nginx mailing list