addressalign-toparrow-leftarrow-rightbackbellblockcalendarcameraccwchatcheckchevron-downchevron-leftchevron-rightchevron-small-downchevron-small-leftchevron-small-rightchevron-small-upchevron-upcircle-with-checkcircle-with-crosscircle-with-pluscrosseditemptyheartfacebookfolderfullheartglobegmailgoogleimagesinstagramlinklocation-pinmagnifying-glassmailminusmoremuplabelShape 3 + Rectangle 1outlookpersonplusprice-ribbonImported LayersImported LayersImported Layersshieldstartickettrashtriangle-downtriangle-uptwitteruseryahoo

RE: [linux-392] Another stupid thing

From: user 4.
Sent on: Tuesday, February 3, 2009 11:02 AM
Yes, but when I generate the mysql account in php, I'm generating the hash
code and placing it in the database.  I query the hash code and set
conf->ha1 to that value.
Mod_auth_digest using this hash code to generate the digest for comparison.
     $ha = md5($user . ':' . $realm . ':' . $passwd);
Haha.  Lol
I found this nifty tid-bit on php.net:
	$A1 = md5($data['username'­] . ':' . $realm . ':' . 
		$users[$data['userna­me']]);
	$A2 = md5($_SERVER['REQUES­T_METHOD'].':'.$data­['uri']);
	$valid_response =
md5($A1.':'.$data['n­once'].':'.$data['nc­'].':'
	
$data['cnonce'].':'.­$data['qop'].':'.$A2­);
I hope my mod_auth_digest (mysql) works!
It took me a while do realize that ha1 in mod_auth_digest is not an
encrypted password but a stinking hash code.  I was tired and slow.
After you've programmed so many hours, your computer should automatically
shut off and lock and said programmer should automatically pass out from
exhaustion.
Michele

-----Original Message-----
From: [address removed] [mailto:[address removed]] On Behalf Of Sean
OMeara
Sent: Sunday, February 01,[masked]:54 PM
To: [address removed]
Subject: Re: [linux-392] Another stupid thing

mod_auth_mysql needs to be basic so it can take the plaintext password
and turn around and give it to mysql.
mod_auth_krb, mod_auth_ldap, mod_auth_most-things­-with-a-backend also
need to be basic.

wrap the http session in ssl.

-s

On Sun, Feb 1, 2009 at 12:15 PM, Michele <[address removed]> wrote:
> I'm sorry for all these stupid posts.  I'm in the middle of a learning
> process.  It's always darkest before the dawn.
>
>
>
> I see cookies are viewable and editable.
>
>
>
> Does anyone know if any browsers allow the user to view and edit the
request
> Authorization?
>
>
>
> If I hack the mod_auth_digest file to include mysql, which I haven't
> verified is totally possible, yet, am I wasting my time.
>
>
>
> Basic authorization isn't flexible enough.
>
>
>
> What I want is to use AuthType in a secure fashion.
>
>
>
> Does it work like that?
>
>
>
> Is that stupid, too?
>
>
>
> I'm not going to be using real Digest on my server, why does
mod_auth_mysql
> have to be Basic?
>
>
>
> Margaret
>
>
>
>
>
>
>
> --
> Please Note: If you hit "REPLY", your message will be sent to everyone on
> this mailing list ([address removed])
> This message was sent by Michele ([address removed]) from The New York
> GNU/Linux Meetup Group.
> To learn more about Michele, visit his/her member profile
> To unsubscribe or to update your mailing list settings, click here
>
> Meetup Support: [address removed]
> 632 Broadway, New York, NY 10012 USA



--
Please Note: If you hit "REPLY", your message will be sent to everyone on
this mailing list ([address removed])
http://linux.meet...­
This message was sent by Sean OMeara ([address removed]) from The New York
GNU/Linux Meetup Group.
To learn more about Sean OMeara, visit his/her member profile:
http://linux.meet...­
To unsubscribe or to update your mailing list settings, click here:
http://www.meetup...­
Meetup Support: [address removed]
632 Broadway, New York, NY 10012 USA

People in this
Meetup are also in:

Sign up

Meetup members, Log in

By clicking "Sign up" or "Sign up using Facebook", you confirm that you accept our Terms of Service & Privacy Policy