SlackwareThis Forum is for the discussion of Slackware Linux.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Distribution: Slackware64 14.2, SlackwareARM, Debian, CentOS, RHEL, Devuan, Raspbian, Kali
Posts: 15
Rep:
htpasswd no longer working after upgrade to 14.0
Hello everyone, I'm having issues with htpasswd now that I have upgraded my server to Slackware 14.0 (worked fine in 13.1). When I generate a few user in a .htpasswd file, I cannot authenticate as that user, however, if I use htpasswd on another distribution and copy it over, it works fine.
I want to give a bit more information just to help ensure I'm giving good information.
I wish to add a simple level of authentication to view a stats page on my server. Not only myself, but others will need access. I can copy my username and password from a previous .htpasswd file and it works fine (from when I was running an older Slackware version), but when I try to use htpasswd now, no one can authenticate.
Here is the snippit from my apache config.
Code:
<Files "awstats.pl">
AuthType Basic
AuthName "Do you have a login?"
AuthBasicProvider file
AuthUserFile /srv/www/mydomain.com/.passwd.awstats
Require valid-user
</Files>
The only thing I get in my apache error log in authentication failure to "file" Password Mismatch.
I know I'm pointing to the correct file since if I copy over a previous pass generated before the upgrade or on another distribution, it works great. Has anyone else ever ran into this one? I think it maybe an issue with the Apache 2.4.4 as the other disros I have used are running 2.2 and I have tried this on 5 different Slackware 14 (some 64bit, some 32) machines and I continue to have the same issue. Any help on this would be greatly appreciated. Thank you.
UPDATE: I have tried to do this with a couple other distros now (all running apache 2.2.x). And it seems the others use CRYPT by default (which works) and Slackware uses MD5 by default (which no longer works), but CRYPT fails when I try to force it in Slackware.
Last edited by DaijoubuKun; 03-16-2013 at 08:43 PM.
Yes... just tried it and confirmed. Apache httpd (both the original 2.4.3 and newer 2.4.4) does not seem to work with basic authentication passwords encoded by htpasswd. It fails with crypt, MD5, and SHA methods. I don't know what is wrong, but the problem seems to be in htpasswd itself (as you found), not Apache httpd.
As a work-around, you can encode MD5 passwords (here "MyPassword") for your password file like this:
Code:
$ openssl passwd -apr1 MyPassword
Paste the result into your password file, putting "username:" in front. I tried this and it did work. But I would really like to know what is wrong with the htpasswd command, and why (per your post) it is only on Slackware 14.
Distribution: Slackware64 14.2, SlackwareARM, Debian, CentOS, RHEL, Devuan, Raspbian, Kali
Posts: 15
Original Poster
Rep:
The first 2 replies, I can confirm as working.
Quote:
openssl passwd -apr1 MyPassword
and
Quote:
But ... when I specify the password on the command line with "-b" it works.
I have been trying some of the other distributions I have, but none of them are running Apache 2.4 yet, even in their experimental releases. So I haven't been able to test if this is a Slackware specific thing or not. However, after reviewing the Slackware build script in the source, I don't believe it is. Looks like we need to get this bug into Apache's tracker.
In the mean while, I have a single line script here that will allow anyone to create a new password without having to type it directly into the console. It's not elegant, but it works.
Using "-b" is dangerous, because users can do a "ps" and see other user's passwords. So on a server where many users can login this is not a good idea.
Distribution: Slackware64 14.2, SlackwareARM, Debian, CentOS, RHEL, Devuan, Raspbian, Kali
Posts: 15
Original Poster
Rep:
Quote:
Originally Posted by MadMaverick9
Using "-b" is dangerous, because users can do a "ps" and see other user's passwords. So on a server where many users can login this is not a good idea.
This is true, however, the other users better have incredible timing unless it takes the server a long time to generate a pass. It takes mine under one second, so any others who are logged in are not likely to see anything. The other benefit to that one-liner is the variables are only used until the end of execution then removed from memory. So there is not way to pull the variables or view your history to find the password.
This is a little more than a slip. No value is ever assigned to "pwin".
It's OK - it is a pointer assignment. pw (the pointer) is assigned to point to the start of the pwin array.
There is a bug somewhere in here, but that isn't it.
The most likely culprit is that patch that was applied to 2.4.4 (found above by ponce) to add the -i option. I have a feeling htpasswd is now encrypting something other than the actual password, or perhaps the password with extra junk or truncated. It's kind of disturbing that something like that made it into a release and broke the most basic usage.
It's OK - it is a pointer assignment. pw (the pointer) is assigned to point to the start of the pwin array.
Oops, sorry, my mistake. Seen in context of the code in passwd_common.c I can see that you are correct. It looks to me like it is hashing a bunch of random garbage (pw), because the password went somewhere else.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.