On 01/08/2007 05:08 PM, Patrick Welche wrote:

> 
> 
> First an apology for posting to dev: I thought there was at least a
> documentation issue, but no:
> 
> AuthDBDUserPWQuery Directive
> ...
>    SQL varchar) argument (username), and return a single value (encrypted
>    password).                                                   ^^^^^^^^^
> 
> I am still searching for a way to get an encrypted password to be accepted..
> With
> 
> AuthDBDUserPWQuery "select md5(prefname) from person where userid=%s"
> 
> I get
> 
> [Mon Jan 08 16:04:41 2007] [error] [client ::1] (-1)Unknown error: 
> 4294967295: Comparing "Patrick" with "f87567f2159b425795ebb7ba9bc406ec"
> [Mon Jan 08 16:04:41 2007] [error] [client ::1] user prlw1: authentication 
> failure for "/webfolder": Password Mismatch

apr_password_validate or better apr_md5_encode does not simply apply MD5 to the 
password, but mixes it with a salt.
Furthermore the password hash needs to start with a 'marker' string to inform 
apr_password_validate which hash algorithm
it should use. If none is specified it falls back to crypt.

> 
> and with
> 
> AuthDBDUserPWQuery "select encode(digest(prefname,'sha1'),'hex') from person 
> where userid=%s"

>From my quick view at the apr-util code I would guess that the following 
>should work:

AuthDBDUserPWQuery "select '{SHA}'||encode(digest(prefname,'sha1'),'hex') from 
person where userid=%s"

Regards

RĂ¼diger

Reply via email to